Brazilian escort site may have exposed over 18 million data

Brazilian escort site Fatal Model may have exposed over 18 million dataIncluding names, emails, phone numbers, account details and device information for both your friends and customers. The size of databases that may have been exposed is about 720GB.

Information about the leak was announced today by (23) cybersecurity researcher and co-founder of Security Discovery company Jeremiah Fowler. The expert explained the details of the incident. Website Planet.

According to Fowler, the recordings were in a cloud database with no protection. He said that after the investigation, Fatal Model found access keys and storage account information to the Amazon Web Services (AWS) server.

One of the phases of Fatal Model registration is Document Verification, but do you know what it is for and why it is applied?

Our influencer Fabi Simpatia tells you all about this phase! pic.twitter.com/iYHwnwkPqf

— Fatal Model (@FatalModel) 15 August 2023

He said that as a white hat (ethical hacker), he never bypassed password protected systems; This was not the case with the escort site’s servers. The researcher also said that he found information such as source codes..

to: Website PlanetFowler said the log database was disabled on the day he discovered the breach. The AWS database remained open until we informed the people responsible for the platform.

According to him, the Fatal Model team has declared that the package (the file container and the metadata of these files) has publicly available data.

Evidence of possible exposure

Jeremiah Fowler sorted it out records database contained 14.6 million records and was 19.17 GB in sizeduring Cloud storage on AWS was over 3.5 million files and 700GB in size.

In the cloud server, for example, there was a folder named “2022”; 35,400 escort accounts with pictures and videos of verifying professionals. In another folder named “2023” there were multiple files. 33,000 supplemental accounts with audio-visual recordings.

The cybersecurity researcher also reported that the database contains application files, installation files, administrative access tokens and device information of Fatal Model users. The white hat hacker shared screenshots showing the accesses; Check them out below:

The image shows the personal data of users included in the log records, such as e-mail address and phone number.

Print screen shows structure of potentially identifiable admin panel URLs

Screenshot shows how the log records exposed device details

This is the verification image of the Deadly Model escort

Warning

Fowler argued that the alleged exposure was dangerous. Cybercriminals can hijack data and blackmail both customers and companions. While prostitution is not a crime in Brazil, malicious actors can blackmail victims and demand money for not revealing their personal information online.

He explained that files that are likely to be exposed are dangerous, as it may be possible to extract client data in JavaScript files (.js) and even inject malicious code into development files, allowing malware and viruses to spread.

Finally, the expert made it clear that despite the gaps: No way to assume that some malicious agent has accessed the logs beforeBecause only an audit can reach this result. He also explained that the findings do not imply any willful abuse or neglect of the Lethal Model.

“We also do not imply any inaccuracies on behalf of the Fatal Model and publish our findings solely to raise awareness and promote best practices for cybersecurity,” he stressed.

Other side

HE Technology World I contacted Fatal Model but did not receive a response until this issue was closed.