PornHub security breach turns out to be a well-executed hoax

south carolina porn blocker installed new internet connected devices pornhub
This past weekend, news broke that PornHub had been breached, allowing hackers to sell access to a subdomain to the site for a mere $1,000.

It turns out that story was just a hoax.

As reported by CSOOnline, the hacker, who goes by 1×0123 on Twitter, tweeted an image showing that he had gotten access.

Turns out 1×0123’s claims were nothing more than hot air to scam bad guys. The hacker allegedly sold PornHub access to three people. Two people were sold shell access while one was sold injection script.

PornHub reached out to 1×0123 via XMPP, an instant messaging client, to try and resolve this issue. 1×0123 allegedly offered to help fix the vulnerability and give additional details for a fee of $5,000. It’s unknown if PornHub agreed to those terms and paid.

Here’s hoping PornHub didn’t end up paying, because after doing some digging, the site’s engineers started to see the holes in 1×0123’s claims. At first the company believed a test server to be compromised, then a non-production server, but neither were accessed. 1×0123 had provided the site with a copy of the shell he used to dump into the server. PornHub noticed that there was no way the file could have been uploaded due to file size restrictions with the avatars. Not only that, 1×0123’s file contained PHP code, but PornHub’s servers are not designed to execute PHP.

“Even if the server would accept this fake image file we don’t allow code to be executed as an image extension. He provided conflicting information and left the chat shortly after,” a PornHub spokesperson said.

PornHub released an official statement:

“The PornHub team investigated the claim from the hacker named 1×0123. Our investigation proved that while those screenshot might look realistic to people without knowledge of the underlying infrastructure, the attack as described by the hacker is not technically possible. This incident was merely a hoax and no PornHub systems were breached during those recent events. The safety and security of our users is PornHub top priority. We would like to remind everyone that PornHub has a public bug bounty program which can be used to responsibility report any legitimate vulnerabilities in exchange for bounty as high as $25,000.”

Well, that was a close one. Everyone can now sleep soundly knowing that the internet’s porn viewing habits are still a closely kept secret.


Apple CEO demands Bloomberg retract its Chinese surveillance story

Apple CEO Tim Cook is calling on Bloomberg to retract a story alleging that Apple had purchased compromised servers that allowed the Chinese government to spy on Apple. Apple's investigation found no truth to the story.
Movies & TV

The best shows on Netflix, from 'The Haunting of Hill House’ to ‘The Good Place’

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Social Media

Tumblr promises it fixed a bug that left user data exposed

A bug on blogging site Tumblr left user data exposed. The company says that once it learned of the flaw, it acted quickly to fix it, adding that it's confident no data linked to its users' accounts was stolen.
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

There's more to Amazon Prime than free two-day shipping, including access to a number of phenomenal shows at no extra cost. To make the sifting easier, here are our favorite shows currently streaming on Amazon Prime.

Here's how to download a YouTube video to watch offline later

Learning how to download YouTube videos is easier than you might think. There are plenty of great tools you can use, both online and offline. These are our favorites and a step by step guide on how to use them.

Carbuying can be exhausting: Here are the best used car websites to make it easier

Shopping for a used car isn't easy, especially when the salesman is looking to make a quick sale. Thankfully, there are plenty of sites aimed at the prospective buyer, whether you're looking for a sedan or a newfangled hybrid.

Your ‘Do Not Track’ tool might be helping websites track you, study says

New research from the "Do Not Track" features embedded in popular browsers are being ignored, opening up the possibility of consumers having their information targeted by specific ads based on their web histories and cookies. 

How to recover Google contacts

If you accidentally deleted an important person from your Google Contacts, they might not be lost forever. Recovering them is a fairly easy process -- as long as you do it quickly. Here's how.

Afraid that Bitcoin could be a bubble? Here's how to sell what you've got

If you're investing in cryptocurrencies, it's important to have your exit strategy in place if prices start to crash. If you've decided it's time to get out or just want to learn how to sell Bitcoins, here's how to get started.

Don't take your ISP's word for it: Here's how to test your internet speed

If you're worried that you aren't getting the most from your internet package, speed tests are a great way to find out what your real connection is capable of. Here are the best internet speed tests available today.

Feed your fandom: These are the best YouTube channels for sports lovers

If you're a cable cutter who still wants to enjoy quality sports highlights and analysis, YouTube is the place to go. There are plenty of great sports-centric channels on YouTube, each of which provides great highlights and top-shelf…
Social Media

YouTube is back after crashing for users around the world

It's rare to see YouTube suffer serious issues, but the site went down around the world for a period of time on October 16. It's back now, and we can confirm it's loading normally on desktop and mobile.

Chrome 70 is now available and won’t automatically log you in to the browser

Google has officially launched Chrome version 70 on Windows Mac and Linux. The update introduces some new Progressive Web App integrations on Windows 10 and also tweaks the much controversial auto login with Google Account feature.
Smart Home

Here’s everything you need to know about Amazon Prime Pantry

The marvels of the Internet have made it possible to do all your shopping from the comfort of your living room. Amazon Prime Pantry allows you to buy groceries and household items online. Here's more info about the service.