INSUBCONTINENT EXCLUSIVE:
Image copyrightGetty ImagesImage caption
Hookers.nl was used by sex workers and their clients
Account
details of more than 250,000 people who used a site for sex workers in the Netherlands have been stolen in a hack attack.Email addresses,
user names and encrypted passwords were stolen from a site called Hookers.nl.The attacker is believed to have exploited a bug in its chat
room software found last month.Reports suggest the malicious hacker who took the data has offered it for sale on a dark web marketplace
Hookers.nl was "not happy" about the attack, its media spokesman Tom Lobermann told Dutch broadcaster NOS.Mr Lobermann said sex workers who
used the site and the clients who visited them could be put at risk if their data were to be stolen and sold
He said the site had informed everyone who had an account about the breach.The message sent by the site's administrators also advised
people to change their passwords
NOS technology editor Joost Schellevis, who had seen a selection of data from the files being offered for sale, said identifying site users
via their email addresses would not be difficult.Mr Schellevis contacted the suspected thief who said he felt no guilt over the attack
The accused told NOS: "I am not the devil
It is not a question of whether your website is hacked, but when."The hacker added that several people were interested in buying the data
Hookers.nl used a popular program for hosting online forums and discussions called vBulletin
In late September, security researchers identified a vulnerability in the program that could be exploited to steal data
VBulletin quickly produced a patch for the bug but several sites were breached before they could deploy and install the protection.Prash
Somaiya, technical program manager at HackerOne, said attacking a site like Hookers.nl was a "double win" for cyber-criminals because they
could sell the data and potentially blackmail users.He added: "Other opportunist criminals seeing the news may also use it to attempt to
phish any possible users by posing as the original attacker to blackmail anyone who falls for their scam."
