I’ll admit I sometimes ignore data dumps or hacks if they don’t fit my particular interests in reporting on breaches that impact health data or student data. But occasionally I remind myself that all breaches that expose personal information do need to be taken seriously. Yes, even those, as with the Ashley Madison hack, where some people may feel, “Well, they deserved it because they were behaving immorally.”
In the spirit of not judging, then, it’s worth noting that a hacker who calls himself “ElSurveillance” contacted me about a lot of hacks he claims he has executed targeting porn sites and escort sites.
The first hack, which is the only one he dumped all the data from, was drjizz.com. ElSurveillance, who self-identifies as Moroccan, dumped 30,263 email addresses, usernames, and plain-text passwords. Since drjizz.com’s site claims to have 20,000 registered users, there seems to be a mis-match. Inspection of the data dump suggests many of the email addresses appear to be throwaway addresses. An attempt to google some of the email addresses returned no results.
The site was notified of the data dump last week and sent a sample of the data, but never responded to the notification or a request for confirmation or denial as to the authenticity of the data. @ElSurveillance informs DataBreaches.net that this hack took place last year, but he has been just sitting on the data since then and updated it before pasting it.
Later in the week, ElSurveillance pointed DataBreaches.net to a paste identifying 71 sites he claims to have hacked.
I asked ElSurveillance if the sites were (only) defaced or if he also downloaded user data. He replied that he had hacked and downloaded data:
Some with login details such as Emails, Usernames and passwords and some the user’s private personal information including their IP adresses and so on
As of now, he has not dumped any of the personal information from those 71 sites, but says he’ll be hanging on to it for a while.
When asked why he was targeting escort sites, he provided DataBreaches.net with this statement:
I have been running an operation under the hashtag #EscortsOffline against the escorts website and agencies, Because I strongly believe that our bodies are gifted from Allah (God) to us to look after and not to destroy, And I always hated the idea of people selling their bodies for money which it gives a chance for the escort agencies to take advantage of these people who are in need So many women carried (HSV, HPV, and HIV ….) because they thought that they can earn easy money by join these agencies inc men But what most of people don’t really know that 99% of these agencies are fake, Scams and always ready to make money on your behalf And for what I have seen in my attacks and the databases that I took, They create fake accounts, Profiles and display fake photos that their owners don’t even know that these website have them So I decided to use my skills in something that I believe is good, And hopefully one day the other hackers will carry the same attacks to spreading the words.
But will any of the real people/accounts even learn that their information has been hacked? Probably not. So what good does this actually do? DataBreaches.net posed that question to ElSurveillance, who replied: