User data from decade-old breach of MyFreeCams shows up for sale?

Edvardas Mikalauskas reported:

A database that purportedly belongs to, one of the top adult chat and web streaming communities, is being sold on a popular hacker forum. According to the post author, the data was exfiltrated from the company servers in December 2020 by carrying out an SQL injection attack, and includes 2 million user records of MyFreeCams Premium members, including their usernames, email addresses, MyFreeCams Token (MFC Token) amounts, and passwords in plain text.

On investigation, however, he learned that —shocker: the seller may have lied?

The company swiftly responded to our requests and immediately notified affected users and reset their passwords. According to MyFreeCams, their investigation “traced this data to a security incident that occurred more than ten years ago in June 2010” and “the exploit that was used to obtain this data was closed shortly after it occurred.”

If the incident was more than ten years ago, how did the seller allegedly exfiltrate the data from the company server in December 2020?

In an update posted today, Mikalauskas reports that the threat actor who had posted the listing on a forum “has now deleted their post, as well as their account, from the hacker forum. They’ve also emptied their cryptocurrency wallet after collecting ~$22,400 in Bitcoin for the stolen data across 49 transactions.”

Read more on CyberNews.

About the author: Dissent

Comments are closed.