Tech

Data leak: ID card copies of porn actors unprotected online

Name, artist name, address, bank details and ID copies – Noam Rotem and Ran Locar from the VPN rating site VPNmentor.com discovered on January 3, 2020 a particularly intimate data leak. The porn sites Pussycash and Imlive saved their actors' data in an unprotected Amazon S3 bucket.

Job market

  1. SySS GmbH, Tübingen
  2. Schoeller Technocell GmbH & Co. KG, Osnabrück



The data from 4,000 performers worldwide are contained in the leak, Rotem and Locar write in a report, including several European countries such as Germany, Switzerland and Italy. A zip archive was created for each actor, which often contained photographs, copies of ID, passport or driver's license. Portraits are also included, in which the performers hold their identification cards next to their faces for identification. The files were sometimes a few weeks, sometimes up to 20 years old.

Depending on the country, the ID cards can contain a wide variety of information. In addition to the full name, date of birth, nationality and signature, the fingerprints are also shown on the Brazilian ID. Some of the ID cards also contain the home address and the names of the parents.

Personal information in the contract documents

The documents also contained the contract documents, the report says. Among other things, the artist names and real names and addresses as well as telephone numbers and jobs of the performers were recorded in the forms. The social security number, account information or copies of the credit card were also part of the leak, and in some cases a copy of the birth certificate.

Also included: scans of handwritten biographies, in which the performers explain their sexual preferences and practices, their hopes and dreams to their hobbies and their favorite artists.

Data misuse possible

The data could be misused in many ways, the report said. The extensive information, but especially the copies of official documents, can be misused for identity theft. Porn actors also have to fear stalkers or dirty campaigns, writes VPNmentor.

The performers could also be blackmailed with the information, such as was the case with the data leak from Ashley Madison in 2015. Criminals could also offer the data for sale. In October last year, for example, a hacker offered the data from two escort forums. The situation can be particularly threatening for LGBTQ performers, for example homosexuality is still criminalized in around 70 countries, writes VPNmentor.

After the discovery on January 3, Rotem and Locar reported the data leak to the affiliate network Pussycash and its subsidiary Imlive. On January 7, Imlive replied that they would take care of the data leak and forward the information to Pussycash. The leak was remedied on January 9, Rotem and Locar write. They would never have received an answer from Pussycash.

Please activate Javascript.

Or use that Golem-pur offer

and read Golem.de

  • without advertisement
  • with javascript turned off
  • with RSS full text feed