Stay ahead – join The Drum +

Pornhub penetrated by hackers: Pays a bounty to protect your dirty data

PornHub was hacked by a group

A hacking group has gained access to leading porn website Pornhub, highlighting an exploitation that can be made via the the site's PHP coding.

The brand paid out a bounty of $20,000 to cyber-security group Evonide for alerting it to the vulnerability back in June. In return, the group relinquished control of the site, choosing not to leak any data on users and their viewing habits, news which would be a relief to many no doubt (see Ashley Madison leak).

The group drafted a statement on its website detailing the hack, penned by Ruslan Habalov and hacker Dario Weißer, it read: “Pornhub’s bug bounty program and its relatively high rewards on Hackerone caught our attention.

"That’s why we have taken the perspective of an advanced attacker with the full intent to get as deep as possible into the system, focusing on one main goal: gaining remote code execution capabilities. Thus, we left no stone unturned and attacked what Pornhub is built upon: PHP.”

With the access the group secured it could have dumped all the user data, track specific users’ habits, or even dump the source code of the site.

The process is understandably complicated, if you want to get deeper into it, check out Evonide’s blog.

By continuing to use The Drum, I accept the use of cookies as per The Drum's privacy policy