If you have an account with EscortReviews.com, you may want to change your password immediately Bleeping Computer reports that a database containing information on over 472,000 site members has been posted online.
The database includes usernames, e-mail addresses, IP addresses, and Yahoo, MSN, and Skype account names, all of which could be used to identify members. (Members are not required to use their real names.)
Account passwords were encrypted using the MD5 "hashing" algorithm; passwords hashed using MD5 can often be easily cracked and should be considered compromised. Cracked passwords can be used to hijack accounts.
EscortReviews.com is a user-driven online forum where escorts - i.e., sex workers - in the United States and Mexico post information about themselves and customers write about the quality of their experiences with sex workers.
The site is currently offline, but an archive of some pages is available at the Internet Archive's Wayback Machine.
The most recent EscortReviews home page, cached in November, states, "Whether you are a male member looking for new friends or a new woman on the scene trying to network, make new friends or take advantage of our many opportunities to connect with others Regardless, we promise to have something for you."
Bleeping Computer noted that the site was using an older version of vBulletin forum software, which is known to have security flaws and has not been supported since 2017. It was not clear whether the site itself was compromised or whether online backups of the database were accessed.
Needless to say, whether you are a sex worker or a customer, you do not want the information exposed by the EscortReviews.com data breach linked to your real identity. We want you to not only use unique and strong passwords, but we want you to take precautions.
If you are signing up for an account with a service that is of questionable legality, one that may cause you a lot of embarrassment, or in the case of many prostitutes, one that may put you in physical danger if your real name is revealed, you need to be proactive and cover your footprints need to be covered.
Use a burner e-mail address that will not be used for other accounts. Create a username that you have never used elsewhere. (Many hackers committing online crimes have been caught for reusing usernames.)
Do not connect your account to accounts on other services. Use one of the best VPN services to hide your computer's IP address, but keep in mind that most consumer VPNs log user activity.
We usually tell you to use one of the best password managers to keep all your passwords straight, but in this case it may not be a good idea. Having an EscortReviews.com entry in your password vault could cause suspicion if a friend, roommate or spouse discovers it.
Comments