Cyber Incident Victim: Suite703.com
Date:
Apr 2016
Location:
United States of America
Summary
A hacker compromised the adult entertainment site, exposing approximately 3.8 million user accounts containing email addresses and passwords. The stolen database was offered for sale at an exceptionally low price, highlighting concerns about the economic incentives for cybercriminals and systemic vulnerabilities in protecting sensitive customer data. The incident underscored broader risks to digital privacy across online platforms handling intimate user information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In April 2016, NaughtyAmerica.com suffered a data breach involving the theft of user account information. On or around April 10, a hacker advertised the sale of databases containing email addresses and passwords for approximately 3.8 million accounts from the adult entertainment site. The compromised records were offered for sale at a price of $300, significantly lower than typical black-market rates for stolen data of that scale. The hacker's public offer brought immediate attention to the breach, prompting security researchers and media outlets to verify the authenticity of the data. Analysis of samples confirmed the legitimacy of the stolen credentials, linking them directly to Naughty America's user base. The company was notified about the breach through these external reports rather than internal detection mechanisms. The incident occurred amid a series of high-profile leaks targeting adult content platforms, drawing comparisons to previous events like the "Fappening" celebrity photo leaks.
The breach's primary impact stemmed from the exposure of sensitive user credentials at an exceptionally low price point, increasing risks of credential-stuffing attacks and mass account compromises across other platforms. Security experts emphasized that the discounted sale price indicated either rapid monetization motives or an attempt to widely distribute the data for malicious purposes. No evidence suggested financial data or explicit content was exfiltrated, but the email-password pairs alone created significant privacy and security risks for affected users. The incident highlighted systemic vulnerabilities in the adult entertainment industry's data protection practices, following similar breaches at competing platforms. Public reporting focused on the broader implications for digital privacy, underscoring how easily large volumes of personal data could be acquired and weaponized by malicious actors. Naughty America did not disclose specific remediation steps in available reports, though the sale of the dataset continued across underground forums during the immediate aftermath.