Cyber Incident Victim: ohcecilia.com

Date: Jul 2015

Location: United States of America

Summary

The website ohcecilia.com was among multiple escort-related services compromised by a hacker known as @ElSurveillance, who defaced the sites with a message criticizing societal values and governments while promoting religious content. The attacker exposed server logs containing visitor IP addresses and browser information, and while initially refraining from releasing personal user data, later indicated possession of such information without public disclosure.

Description

On July 20, 2015, the website ohcecilia.com was compromised by an attacker using the alias @ElSurveillance as part of a coordinated campaign targeting multiple escort-related services. The attacker defaced the homepage with a message criticizing the morality of such sites and their users while promoting religious content and anti-establishment views. The defacement included a block of text urging visitors to listen to the Quran and reject media narratives about ISIS, accompanied by a claim that site logs containing visitor IP addresses and browser information were accessed. This incident occurred concurrently with breaches of at least five other escort service domains—seductivealchemy.com, sofiadelterra.com, taliaamour.com, tabithalayne.com, and tawnybrie.com—all displaying identical defacement messages. Zone-h.org mirrors were created to archive the defaced pages, with ohcecilia.com’s compromise documented under mirror ID 24614724.

The attacker initially limited exposed data to technical logs showing visitor IPs and browser details rather than full user records or financial information. However, @ElSurveillance later informed DataBreaches.net that user data had been acquired from the breached sites, though no evidence confirmed its public release at the time of reporting. The defacements served as both a protest against the escort industry and a warning to users about privacy risks associated with visiting such sites. No containment measures, technical mitigations, or victim responses were documented in the available report. The incident highlighted operational security vulnerabilities in the targeted services and potential reputational consequences for users whose browsing activities could be inferred from exposed log data.
