Notorious hacker wipes clean video hosting site for balloon ‘enthusiasts’

A hacker has leaked sensitive user data from a video hosting website dedicated to inflatable and balloon fetishes.

In a post to a notorious cybercrime forum on Monday, the hacker, self-identified as Thrax, announced that they had obtained users’ email addresses, IP addresses, and hashed passwords from the platform InflateVids.

An animated GIF shared by Thrax also purported to show the website’s server instance being wiped, apparently causing all of InflateVids content to be deleted. Although the website is currently inaccessible, an archived copy of the homepage shows how InflateVids was defaced during the attack.

InflateVids later confirmed the attack in a post on X, noting that it was unsure when the site would be restored.

“Website is currently down due to a hack. There is no ETA on when we’d possibly come back from this,” InflateVids wrote. “Part of the hack included encrypted password hashes, email addresses and IP addresses. If you used your password anywhere else, use a password manager and change these.”

Website is currently down due to a hack. There is no ETA on when we'd possibly come back from this.
Part of the hack included encrypted password hashes, email addresses and IP addresses. If you used your password anywhere else, use a password manager and change these.

— InflateVids (@InflateVids) December 11, 2023

In follow-up remarks on their Patreon, InflateVids ensured users that not all sensitive information was compromised in the attack. The site, which requires ID verification to join, insisted that all such images are deleted and that “the hacker doesn’t appear to have downloaded our files anyway.”

InflateVids did, however, warn that it had been using an outdated hash algorithm to scramble users’ passwords—making them potentially vulnerable to being cracked.

“For passwords, sadly the website still used an outdated hashing technique, SHA-1,” they added. “We will patch this to use more modern hashing techniques and add a salt to comply with more modern and secure standards.”

HaveIBeenPwned, a service which alerts users when their data shows up in leaks, noted that approximately 13,405 unique email addresses were exposed in the hack.

A hacker who goes by Thrax also made headlines last year after breaching the news site Fast Company, allowing them to send out an “obscene” and “racist” Apple News push alert to the site’s readers.

Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.

Source: https://www.dailydot.com/debug/inflatevids-balloon-videos-hack-sensitive-user-data-leaked/