Hacker sells Pornhub shell

A hacker is selling claimed command injection and shell access to adult mega site Pornhub.

The hacker (@1x0123) is asking for US$1000 for the unverified access which, if used, could compromise portions of the site's 60 million daily visitors.

They say PornHub has a vulnerability in its user profile script responsible for image uploading, but claims it is not related to a dangerous ImageMagick flaw.

The hacker who has popped the LA Times and adult VR site Naught America has foregone up to US$25,000 in bug bounties under Pornhub's bug bounty program launched last week. ®

Update

Pornhub has sent us the following statement:

"The Pornhub team investigated the claim from the hacker named 1x0123. Our investigation proved that while those screenshot might look realistic to people without knowledge of the underlying infrastructure, the attack as described by the hacker is not technically possible. This incident was merely a hoax and no Pornhub systems were breached during those recent events."


Biting the hand that feeds IT © 1998–2017