Menu
Browse

Cyber Incident Victim: Brazzers

Date:

Jan 2012

Location:

Canada

Summary

A data breach exposed nearly 800,000 accounts associated with the adult platform Brazzers, originating from a compromised user forum. The dataset included email addresses, usernames, and plaintext passwords, with some entries containing duplicates and sensitive user communications like private messages. The company attributed the incident to vulnerabilities in third-party forum software, emphasizing that inactive accounts were purged from the exposed records. Security researchers verified the authenticity of the leaked data, noting that even users who never registered for the forum could be affected due to shared credentials across the platform's services. The exposure underscored risks tied to reused login credentials and widely exploited forum infrastructure.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 2 motives 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

On September 29, 2025, cybersecurity publication Motherboard reported a data breach impacting nearly 800,000 accounts associated with the adult entertainment platform Brazzers. The compromised dataset originated from Brazzers' standalone user forum, which operated separately from the main service. Breach monitoring service Vigilante.pw provided Motherboard with the dataset for verification, revealing 790,724 unique email addresses alongside usernames and plaintext passwords within 928,072 total entries, many of which were duplicates. Security researcher Troy Hunt independently validated the breach by contacting subscribers to his Have I Been Pwned? service, with multiple users confirming their credentials matched the leaked data. One affected individual disclosed using disposable login credentials specifically due to security concerns, while another anonymous user acknowledged the inherent risks of sharing personal information online despite the breach's sensitivity.

Cyber Incident Image

Brazzers' public relations manager Matt Stevens attributed the incident to vulnerabilities in third-party vBulletin software powering the forum, dating the breach to 2012. Stevens clarified that Brazzers' core systems were not compromised but confirmed forum data exposure included private messages and personal user content due to the platform's community-oriented nature. The company removed inactive accounts from the published dataset during its investigation. The breach underscored systemic risks associated with widely used forum software like vBulletin, which security experts including Hunt cited as frequently compromised due to inadequate maintenance practices. While no direct attacker methodologies or detection timelines were disclosed, the incident demonstrated consequences of credential reuse across platforms, as some users reported employing shared or disposable passwords despite accessing sensitive content.

Sources
Sources available to members
1 source