Cyber Incident Victim: CityJerks.com

Date: Apr 2023

Location: United States of America

Summary

A data breach impacted the hookup website CityJerks[.]com, resulting in the theft of sensitive user information. The stolen data included email addresses, private messages, scrambled passwords, IP addresses, sexual orientation, dates of birth, and user biographies. The compromised passwords were protected by a weak algorithm. The breach was advertised on a hacking forum, with the threat actor claiming the database contained information on 77,000 users from the site.

Description

On or around April 27, 2023, a data breach involving two adult-oriented hookup websites, CityJerks[.]com and TruckerSucker, was publicly reported. The incident came to light after an anonymous tipster alerted Troy Hunt, the founder of the data breach notification service Have I Been Pwned, earlier that week. The tipster informed Hunt that hackers had successfully breached the two websites and stolen their user databases. Following this notification, Hunt analyzed the stolen data sets to verify their authenticity and content. His analysis confirmed that the data was legitimate and originated from the two named websites. The stolen data was also being actively advertised for sale on a public hacking forum, a claim that was independently verified by TechCrunch journalists.

The data exfiltrated from the CityJerks[.]com website was extensive and highly sensitive. The stolen database contained information pertaining to approximately 77,000 user accounts. The compromised information included usernames, email addresses, and passwords. The passwords were stored using a weak hashing algorithm, which security experts assessed could potentially be reversed to reveal the users' plaintext passwords. The breach also exposed a significant amount of personal profile information, including users' dates of birth, their self-described sexual orientation, their city and state of residence, and their IP addresses. Furthermore, user biographies and profile pictures were taken in the incident.

Perhaps the most sensitive elements of the stolen data were the private direct messages between users of the CityJerks[.]com platform. These messages contained explicit details of planned sexual encounters and hookups, including specific dates, locations, and sexual preferences. Examples of these messages, as reviewed by Hunt, included texts such as “I will b [sic] in Jackson on business during the day on Nov.13 if interested message back I won’t have a place, will u?”. User biographies also contained explicit sexual preferences, further compounding the sensitivity of the exposed data. A parallel breach occurred at the affiliated website TruckerSucker, which contained information on approximately 8,000 users. The nature of the data stolen from TruckerSucker was identical in type to that taken from CityJerks[.]com.

The CityJerks[.]com website advertised itself as a platform for facilitating mutual masturbation between partners or other members, stating the activity would connect users on "an ever deeper level." The TruckerSucker website was billed as a place for "REAL TRUCKERS and REAL MEN" to meet. The public exposure of user data from these specific sites significantly increased the privacy risks for the affected individuals, given the sensitive and potentially stigmatizing nature of the services offered. The advertising of the stolen data on a hacking forum indicated the attackers' intent to monetize the stolen information or otherwise cause reputational harm to the sites and their users.

The method of initial intrusion used to gain access to the websites' databases was not detailed in the available information. Similarly, the exact timeline of when the breach initially occurred, prior to its advertisement and subsequent reporting on April 27, remains unspecified. The public reporting of the incident was initiated by third-party security researchers and journalists; there was no indication at the time of reporting that the websites' own administrators had detected the breach internally or had issued any public statement. The administrator of both the CityJerks[.]com and TruckerSucker websites did not respond to a request for comment from TechCrunch regarding the incident.

The immediate impact of the breach was the exposure of tens of thousands of users to potential privacy violations, harassment, phishing attacks, and blackmail. The combination of email addresses, personal biographical data, and intimate private messages created a substantial risk for the affected individuals. The use of a weak password hashing algorithm meant that account takeover was a significant secondary risk, particularly for users who had reused their passwords on other online services. The exposure of IP addresses could also potentially be used to infer a user's approximate geographical location with greater precision.

No specific containment or eradication actions taken by the website administrators were documented. The public reporting served as the primary means of notification for the vast majority of users, as no official communication channel from the websites was cited. The response to the incident was therefore limited to external analysis and verification by independent security experts and media outlets. The long-term consequences for the operators of CityJerks[.]com and TruckerSucker, including any potential legal or regulatory repercussions, were not reported. The incident stands as a typical example of a forum breach, albeit one involving what was described as "super sensitive content" due to the nature of the websites' purposes and the intimate data they processed.
