Cyber Incident Victim: MyFreeCams.com
Date:
Jun 2010
Location:
United States of America
Summary
A threat actor compromised an adult streaming platform via SQL injection, exfiltrating approximately 2 million user records containing usernames, email addresses, plaintext passwords, and token balances. The stolen data was sold on a dark web forum, generating substantial cryptocurrency revenue for the attacker before their account was deleted. The company attributed the breach to a legacy vulnerability allegedly patched years prior, asserting no evidence of recent system compromise or exposure of payment card information. Impacted users received password reset instructions, with the organization emphasizing current security measures prevent similar attacks. Exposed credentials nonetheless pose ongoing risks of credential stuffing and extortion attempts against affected individuals.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In December 2020, a threat actor claimed to have infiltrated MyFreeCams.com, an adult streaming platform, through an SQL injection vulnerability that enabled unauthorized access to user records. The attacker exfiltrated data belonging to approximately 2 million Premium and Diamond members, including usernames, email addresses, clear-text passwords, and MFC Token balances. Following the breach, the perpetrator advertised the stolen dataset for sale on a dark web forum, subsequently deleting both the listing and their account after completing transactions. Analysis of the seller’s cryptocurrency wallet revealed 49 Bitcoin transfers totaling over $22,000, indicating successful monetization of the stolen data. MyFreeCams.com later acknowledged awareness of the incident but attributed the leaked information to a historical security event from June 2010 rather than the 2020 intrusion described by the attacker.
The company asserted that the vulnerability exploited in the 2010 incident had been promptly remediated and emphasized that current systems were resilient against comparable attacks. Despite uncertainty regarding the exact timeline of data compromise, MyFreeCams notified affected users via email and initiated password resets for impacted accounts as a precautionary measure. The organization clarified that no credit card information was exposed, as such data was neither stored nor accessed during the breach. Security researchers warned that the exposed credentials—particularly email addresses and unencrypted passwords—heightened risks of credential stuffing attacks against users’ other online accounts and created opportunities for blackmail or extortion campaigns. Users were advised to update passwords across platforms where they reused identical login credentials.