Hackers Stole Millions of PornHub Users’ Data for Extortion
Federal contract records reviewed by WIRED this week show that U.S. Customs and Border Protection is moving from testing small drones to using them as standard surveillance tools, a move that would further expand CBP’s already extensive network, which in some cases extends far beyond the U.S. land border.
Meanwhile, US Immigration and Customs Enforcement plans to incorporate a broad cybersecurity contract that includes expanded employee monitoring. This move comes at a time when the US government is stepping up leak investigations and condemning internal opposition.
Chinese-language AI app Haotian can be used to create “near-perfect” face swaps during live video chats, and is a favorite tool of scammers in Southeast Asia. WIRED’s investigation combined with independent research indicates that the company actively marketed its tools to scammers, often via Telegram. Haotian’s main Telegram channel has disappeared after WIRED contacted Telegram for comment.
Fraudsters in China are using artificial intelligence-generated images of supposedly defective, misdirected products and services — from dead crabs to torn bedsheets — to convince e-commerce sites to give them refunds.
And there’s more. Every week we round up security and privacy news that we haven’t covered in depth ourselves. Click on the titles to read the full stories. And stay safe out there.
The hacker group known as Com has spread across the Internet for years, hacking into hundreds of companies for fun and vain profit. Now they have obtained a large and sensitive trove of highly personal data: user logs for PornHub, the world’s largest porn site.
ShinyHunters, a subgroup within Com, appears to have stolen more than 200 million records of premium PornHub users, totaling 94 gigabytes of data detailing users’ histories on the site linked to their account information, including email addresses. According to a public statement from PornHub, the data appears to be from MixPanel, a data analytics company that the porn site used until 2021, suggesting that the hacked data may be four or more years old. BleepingComputer, the media outlet that broke news of the hack, reported that PornHub had received extortion emails from hackers over the past week. No doubt, a fair number of the site’s users are hoping that PornHub will pay up, and that ShinyHunters will keep their personal browsing private.
Venezuela’s state oil company, Petroleos de Venezuela (PDVSA), said a cyberattack crippled its administrative systems shortly after the US military seized a tanker carrying nearly 2 million barrels of Venezuelan crude. In a public statement, PDVSA said operations were continuing, but accused the United States of orchestrating the hack as part of a broader campaign against the country’s energy sector. Reuters reports that the attack may have been more damaging than PDVSA admitted, temporarily halting the delivery of oil shipments and putting internal systems completely offline.
The incident followed an unusual escalation by Washington in its ongoing standoff with Caracas, which has been characterized by competing claims over sovereignty and security, and by naval strikes and seizures targeting ships that US officials have linked to criminal networks operating under the protection of Venezuelan president Nicolas Maduro — a claim for which the Trump administration has provided no public evidence.
“Edge” network devices such as routers, VPNs, and firewalls have become a prime target for hackers looking for ways to compromise their targets. So the news of a serious, unpatched security vulnerability in a host of Cisco products represents a bonanza, one that network hackers have been quietly enjoying for weeks. Cisco’s Talos research team this week revealed a zero-day vulnerability in Cisco’s Secure Email Gateway and Secure Email and Web Manager products, which run its AsyncOS software, noting that it had been exploited since late November by hackers who appeared to be a Chinese state-sponsored group. What’s worse is that Cisco doesn’t appear to have a patch ready to fix the vulnerability yet.
However, Cisco’s warning notes that the vulnerability lies in the “spam isolation” feature on devices, which is not exposed online by default and can be taken offline as a mitigation measure until a patch is available. “We strongly encourage customers to follow the guidance in the advisory to assess any exposure and mitigate risks,” a statement from Cisco said. “Cisco is actively investigating the issue and developing a permanent fix.”
Many cybersecurity professionals must have entertained the idea that it is more lucrative on the dark side. But two guys who worked at cybersecurity companies Sygnia Consulting and DigitalMint decided to actually try it. After launching their own ransomware campaign that went so far as to extract $1 million from a Florida medical device company, they have now pleaded guilty to hacking charges. Ryan Clifford Goldberg worked at Israeli company Sygnia as an incident responder, while Kevin Tyler Martin worked at US cybersecurity company DigitalMint as a ransomware negotiator, while also allegedly working as an affiliate of the notorious ALPHV ransomware gang. A third alleged conspirator was named in court filings but was not charged in the case.
2025-12-20 11:30:00



