Less than a week after one of the internet’s most visited adult entertainment websites, PornHub, announced a bug bounty program to test its internet security, a hacker claims to have breached the website’s server and sold its database.
PornHub released a press statement on Tuesday dismissing the hacking news as a hoax, claiming that they still had the website under their control. However, the hacker, who goes by the nom de guerre “Revolver”, posted pictures from his Twitter handle to showcase his control over the website’s server.
Revolver could have reported the vulnerability that he exploited to earn a bounty of up to $25,000 that the website had offered to the public, but he instead took the rebellious route of selling the breached database for a mere $1,000 on Twitter.
The hacker reportedly told various media outlets that he loathed bug bounty programs because of his past experience of not being recognized for his contributions and efforts towards internet security. He also denied giving out his real name to the media outlets and claimed that he “reported a lot of bugs (in the past) but got no reply from companies.”
Ironically, Revolver is not a new name in internet security, although this might be the first time he has carried out an act that impinged on a website’s business. He has been thanked by the likes of fugitive American spy Edward Snowden for reporting a bug in the Freedom of the Press Foundation website in the past. Similarly, he reported bugs in the website of Mossack Fonseca and gained access to the website of the LA Times to showcase its weak internet security.
Pornhub receives as many as 60 million daily visitors on its website, which makes it one of the most visited adult sites online. In an attempt to enhance its website security, Pornhub had announced bounties ranging from a minimum of $50 to a maximum of $25K for any users who reported security flaws to the company.
Bug bounty programs have become a standard internet security practice for leading websites, encouraging white-hat hackers to find and report security bugs in their sites in exchange for a hefty sum and media attention. Just a few weeks ago, Facebook rewarded Jani, a 10-year-old Finnish boy from Helsinki, for his report about a vulnerability he found in Instagram, a Facebook-owned website.
Likewise, internet giants such as Google (now Alphabet, Inc.), Yahoo!, DropBox, Adobe and Twitter have experimented with and benefited from running successful bug bounty programs in the past. The tactic, however, seems to have backfired for Pornhub, because Revolver claimed that he took control of the website’s user profile script that is responsible for handling picture uploads.
Amidst all the rumors, Pornhub said that it found Revolver’s claims to be just a publicity stunt and assured its users that the site was not breached. The website stated that Revolver’s Twitter posts were a make-believe attempt to fool a naive audience, insisting that the attack that the hacker described was not “technically possible” for him to carry out.