Skip to content ↓ | Skip to navigation ↓

Databases containing 3.8 million adult dating and Naughty America users’ web accounts are up for sale on a dark web marketplace.

As reported by Infosecurity Magazine, a hacker is advertising several leaked databases on the underground web forum The Real Deal. Those databases are believed to contain 3.8 million users’ information, which includes account credentials stolen from the adult-themed production house Naughty America.

naughty america logoThe price tag for the information is just US$300, or about eight-thousandths of a cent per each compromised account. That offer could reflect the going rate for stolen adult dating user accounts, or it could be due to the fact that each of the account passwords are either old or protected by bcrypt, a strong cryptographic algorithm which takes time and resources to break.

At this time, Naughty America and other adult content sites allegedly affected by the data leak have yet to confirm whether the stolen information is legitimate.

Security researcher Troy Hunt has received at least one user confirmation via his HaveIBeenPwned service. That user allegedly created an account with Naughty America and soon after canceled their subscription.

Thomas Fox-Brewster, a writer for Forbes.com, reports he has also received a few users’ confirmations.

“Forbes was unable to independently verify the figures, though the data dealer, going by the name of Peace, passed on additional databases containing more than the small sample provided on the market,” Fox-Brewser said. “Four of more than 30 individuals included in the leaks responded to Forbes’ attempts at contact, saying they had used Naughty America or Suite703 [another adult-themed website] and planned to change their passwords. Two said they had cancelled their subscriptions more than a year ago. Naughty America’s privacy policy does not state the company will delete user information once an account is terminated.”

Naughty America and Suite703 are just two of the latest adult websites to be breached. Back in July 2015, news first broke about a group of hackers who leaked sensitive internal data stolen from the parent company of Ashley Madison, another adult dating website. Ultimately, the hackers published all 37 million Ashley Madison users’ account information online.