Posted on October 11, 2019 at 1:57 PM
Hookers.nl, a Dutch forum focusing on prostitution, has recently been hacked. Over 250 000 usernames, emails and encrypted passwords have been stolen and are currently being sold for a measly $300.
There are certain moments in one’s life where you realize that the cultures of other countries are radically different from your own. This could be seen in the fact that prostitution is entirely legal in the Netherlands, albeit highly regulated. Prostitution is one of the world’s oldest professions, and the highly progressive European country apparently saw fit to honor that.
And, with prostitution legal, forums started to pop up to help facilitate and rate prostitution services. One of those forums is Hookers.nl: A place where people rate prostitutes and escorts, as well as give general tips for the practice of both hiring and ‘servicing.’
Even if prostitution is legal, people who make use of the service enjoy the fact that their privacy is protected. Some take extreme measures to ensure this, others not so much. The NOS has been given access to a select few emails. They state that the real identities of several people could easily be guessed via their email addresses.
Hookers.nl makes use of a vBulletin vulnerability. vBulletin itself is one of the world’s most popular internet forum software providers, helping an innumerable amount of forums design and enable themselves across the globe. However, with something so large, there are many people poking holes at the program. Sadly, one of those holes was a very severe one, indeed.
The vulnerability has already been patched, but it’s too late for Hookers.nl. The hacker is trying to sell the information regarding all the account details for a measly $300. Obviously, this is illegal, and hookers.nl is planning to take legal action the moment they are able both on the hacker and anyone using the information for malicious purposes.
While the hacker hasn’t sold the information yet, their confidence that it will happen is rather amusing. They display this confidence with a message they sent to NOS being as follows: “Zeker weten dat mensen het willen kopen, bro.”
A rough translation would be, “I’m sure people will buy it, bro.”
While the passwords for the accounts may have been stolen as well, the passwords were saved via an encrypted key, severely lessening the risk of discovery. Still, if some group put the dedicated time and effort (A substantial amount), they would uncover the passwords.
A Travel Back In time
The similarities to this event and the Ashley Madison hack is undeniable. Back in 2015, a group of hackers, going by the name of The Impact Team, went on a warpath and dumped private user data of the website into the internet for all to see. Obviously, this led to many blackmailing schemes to rise up, as criminals tracked down the users and extorted money out of them to ensure they could keep this information a secret.
However, the Impact Team was a self-stylized group of vigilantes, out to prove to the world that they were in the moral right. This hacker is just in it for the money. While these two reasonings may seem different, the ultimate outcome is they both committed a crime to see it through.
Keeping Yourself Safe
There are many places where they give tips over internet safety, and a few will be linked to promoting proper conduct.
Personal user data is both far more valuable and far less so than one would realize. At the very least, if you’re doing something you would like to keep a secret, do not use your primary email address when signing up for it. Even if it’s legal, like in this case, do not give your regular username either. It’s just playing it safe.