Cyber Incident Victim: Team Skeet
Date:
Mar 2016
Location:
United States of America
Summary
A hacker breached the adult entertainment network Team Skeet, compromising administrative functions and advertising stolen user data—including email addresses, plaintext passwords, names, physical addresses, and IPs—for over 237,000 accounts on the dark web. The attacker defaced the website, demonstrated access to internal administrative panels and customer support systems, and attempted to extort the parent company, Paper Street Media, which denied the breach was recent, attributing the data to a historical incident while asserting enhanced security measures. The hacker claimed to possess additional databases from affiliated sites and unsuccessfully sought to report vulnerabilities to the company prior to the attack.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In March 2016, a hacker operating under the alias TheNeoBoss breached the adult entertainment network Team Skeet, part of the Paper Street Media (PSM) network. The attacker gained administrative access to the website and exfiltrated user data, later advertising it for sale on the Dream Market dark web marketplace. The hacker claimed the database contained email addresses, plain text passwords, names, physical addresses, and IP addresses for approximately 237,000 Team Skeet users, along with additional datasets including 50,000 logins for other PSM sites, 426,000 failed login attempts, and 468,000 geolocation records. On March 31, 2016, the hacker briefly defaced the Team Skeet website and provided Motherboard with screenshots of administrative panels showing customer support tickets dated as recently as that same day, demonstrating ongoing access to PSM systems. The hacker demanded a ransom of 0.962 bitcoins (~$400) for the complete dataset and stated motivations centered on publicly shaming PSM for inadequate security practices, alleging the company ignored vulnerability warnings and lacked a bug bounty program.
PSM leadership initially denied the breach's validity when contacted by Motherboard in 2016. Chief Technology Officer Jamal Hussain dismissed the data as originating from an unrelated 2008 breach, asserting no recent security incidents and citing implemented security upgrades. PSM's lawyer Steven Eisenberg corroborated this timeline, explaining that expired usernames remain permanently reserved but inactive, which could explain Motherboard's verification of some credentials. However, forensic analysis by Motherboard contradicted these claims: 56 of 64 sampled usernames from the hacker's dataset corresponded to active Team Skeet accounts, and a larger sample of 8,000 records showed similar verification patterns. The March 31 website defacement and administrative panel screenshots provided contemporaneous evidence undermining PSM's assertion that the breach was historical. No credit card data was confirmed stolen, though the hacker claimed access to partial financial information. The FBI was notified but provided no public comment regarding the incident. PSM maintained no operational disruptions beyond the temporary defacement and reiterated confidence in their security protocols despite the contradictory evidence.