
Adult site leaks data of cam models - DemiGuru
https://www.vpnmentor.com/blog/report-pussycash-leak/
======
rahuldottech
Leaked data includes:

    Full name
    Birth date
    Birthplace
    Citizenship status
    Nationality
    Passport/ID number
    Passport issue & expiration dates
    Nationally registered gender
    ID photo
    Personal signature
    Parents’ full names
    Fingerprints
    Additional country-specific details (e.g. emergency contact information for UK citizens)

This is bad. IDs shouldn't be stored on your server once you've confirmed the
age/identity/whatever of the user.

~~~
celticmusic
generally I agree, but I can understand why they did it. If they're accused of
allowing underage models they'll be in a spot they definitely don't want to be
in.

There was a case years ago of a man who was on trial for child porn. It took
the actress physically coming into the courtroom and showing her ID before the
case was dropped.

It's just a really scary place to be in terms of society and the law, so I can
understand making the decision to do the 'wrong' thing in this instance.

~~~
pavel_lishin
If you're sufficiently paranoid to want to hold onto this data, it should at
least be kept in cold storage. And it's not expensive; I can walk over to Best
Buy right now and pick up a hard drive big enough to store this data with cash
I happen to have in my wallet.

~~~
dragonwriter
> right now and pick up a hard drive big enough to store this data with cash I
> happen to have in my wallet.

You do know that the legal recordkeeping requirements mandate specific
indexing and cross-referencing requirements, and that the age records must
legally include copies of portions of _every covered piece of media_
sufficient to identify the performer against the photos in the age records, and
also must include cross-reference to every individual full work.

If your media is live streamed, it doesn't seem to me likely that you could
meet the requirements with an offline system.

~~~
sadfklsjlkjwt
> If your media is live streamed, it doesn't seem to me likely that you could
> meet the requirements with an offline system.

You store all the PII offline and assign each performer a unique identifier.
Then tag each stream with the unique identifier.

Why would that not work?

~~~
dragonwriter
> Why would that not work?

It would work if the law is applied in such a way that the list of media
retrieved by querying using the performer ID on the media server is acceptable
as the listing of depictions that is required to be part of the age
verification records. It's pretty clear in the combination of statute and
regulation that either hardcopy or digital records can be used, but it's not
at all obvious that a hybrid of that particular form satisfies the
requirements. From an information management perspective, I can see it making
sense; from what I've seen of administration of legal rules I can see where it
might not be. Especially in an industry that politicians (and lead US federal
prosecutors are all a brand of politicians) like to score points against, I
would expect people to be extremely conservative about uncertain legal
exposure; you don't want a setup where you have a decent but uncertain
argument if it goes to court, you want one that would never give anyone a
reason to think it was a viable pretext for legal action against you in the
first place.

------
DemiGuru
These include scans of documents that prove the model's age, things like ID
cards, birth certificates, and passport scans. Also included were performer
release forms and profile information. This is particularly bad given the
sensitive nature of the work and the need to maintain the personal privacy and
safety of the X-rated web stars. There is also the risk that, as the records
come from virtually every occupied part of the world, LGBTQ+ performers in
some areas could be at risk of persecution.

~~~
landcoctos
Another reason to never send IDs "required" by many companies today... using
email or their app

~~~
markstos
So you don't use AirBnB?

~~~
Guest0918231
I stayed in one AirBnB where there was a book on a shelf in the living room. I
opened it, and it was the name, passport number, date, and some other
information I can't recall for every past guest.

------
gnrlst
What makes it even worse is that this is an industry where un-sane
individuals frequently get obsessed / fall in love / stalk the models in
question very frequently due to the context in which they work. This leak is
going to be life-ruining (and potentially dangerous) for many of them.

~~~
sergiotapia
Obsessed simps who donate thousands upon thousands of dollars are very
dangerous. Even on Twitch these people are a sight to behold.

~~~
viklove
And yet, camsite models wouldn't be able to sustain themselves without these
simps. It's really a two-edged blade.

------
speech_less
"We were able to access Pussycash’s S3 bucket because it was completely
unsecured and unencrypted. Using a web browser, the team could access all
files hosted on the database."

This is absurd

------
filmgirlcw
This is terrible. The sensitive nature of this information could have a
significant impact on the victims. This is the type of data that, coupled
with the sensitive nature of the site's content, could pose significant safety
risks — and I don’t say that lightly.

Moreover, the jurisdiction of this place (Andorra), leaves a lot of open
questions about what (if any) recourse there could be either from a punitive
or criminal standpoint.

This is terrible.

------
navs
It's amazing how often you find companies/individuals asking for personal
information/documents over email and SMS. I've been on the hunt for a flat for
the last few weeks. Being in NZ, I used the TradeMe platform where many of the
landlords/listing owners asked for Passport scans, employment letters, bank
statements etc via email before even looking at the property. No mention of
how that information will be secured and how it will be discarded.

They've likely received hundreds of messages with personal information, all
stored in Gmail inboxes. What happens to them after they're sighted - I
wouldn't know.

I don't know what the 'adult' industry is like but I suspect there's some
sites that verify their models by similar email/SMS mediums.

------
gok
A friend of mine who did a few movies in the 2000s told me she felt much more
violated by the paperwork for the required record keeping than she did having
sex on camera.

~~~
rjkennedy98
It’s there for a very good reason: to ensure that the models are adults.

------
Tenoke
Predictions, bets and opinions on what punishment will PussyCash/ImLive be
facing? A fine proportional to their earnings?

~~~
bilekas
My prediction, a public statement apologising. With 2-1 odds that it will
contain: "We value our clients' privacy" mentioned at least twice.

~~~
ryandrake
Guarantee they will also say the phrase “we take security very seriously.”

------
throwawayxxx7
See also
[https://www.stripperweb.com/forum/showthread.php?226796-Puss...](https://www.stripperweb.com/forum/showthread.php?226796-PussyCash-security-breach) for the reaction of camgirls.

------
Pxtl
Given the requirements to keep this data, I'd be curious what data-model would
make sense to prevent leaking it. I honestly can't think of anything practical
that's better than "encrypt at rest, better hygiene with database
credentials". After all, the webserver needs the ability to submit this data,
and logically people are going to want to be able to review their own data on
the web in order to update it.

What do?

~~~
SAI_Peregrinus
Each person's records could be given an ID (say, a UUID) and stored encrypted
in a database. Strong access controls over the decryption keys, etc. Then each
video gets metadata with the UUIDs of the people in it.

Also it never needs to be updated. Once you've proved you're old enough to
legally appear you never need to do so again, at least as long as no
time-travel shenanigans are possible.

~~~
dragonwriter
> Also it never needs to be updated.

In US law the records have recency requirements, content-sample requirements
for each work the model appears in, and indexing and cross-referencing
requirements, and must at the time of each depiction include all names,
nicknames, and aliases the model has _ever_ used in any context (which can
expand over time), so, no, it will require updates after being stored.

~~~
tzs
Who are you obligated to provide the records to? When you get a records
request from such a party, how long do you have to respond?

As long as there aren't too many parties who can ask for the records, and you
don't have to provide them on very short order, I think the approach I'd take
is to encrypt each document separately using a public key system, and not keep
the plaintext. Each encrypted document would be assigned an ID. Indexes and
cross references would refer to those IDs.

Since each document is separately encrypted, new and updated documents can be
added to the collection without having to decrypt earlier documents.

The private key would be kept on a system that is not online. When a request
for records is received, the indexes and cross references could be consulted
to determine the IDs of the relevant documents, which could then be taken to
the system that has the private key via flash drive, where they could be
decrypted and turned over to the requesting party (presumably law
enforcement).

For the system with the private key, I'd consider using cheap Linux tablets.
Maybe three of them. One for the CEO, one for the CTO, and one kept by the
company's lawyer. The tablets are meant to get locked into a safe and stay
there except when the company is responding to a records request.
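
As an added sketch of the scheme described above (this is example code, not from the thread or any site named in it): the online side holds only the custodian's RSA public key, seals each document under its own fresh AES-256-GCM key, and keeps an index from performer ID to opaque document IDs; only the offline holder of the private key can open a record. The names Vault, Add and OpenOffline are invented here, and pairing RSA-OAEP key wrapping with AES-GCM is my choice of "public key system", not something the comment specifies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
)

// Sealed is one stored record: no plaintext, and the per-document AES key is wrapped to the custodian's RSA public key.
type Sealed struct{ WrappedKey, Nonce, Ciphertext []byte }

// Vault is the online side: it has only the public key, so it can add and index records but never read them back.
type Vault struct {
	Pub   *rsa.PublicKey
	Docs  map[string]Sealed   // document ID -> sealed record
	Index map[string][]string // performer ID -> document IDs (the cross-reference)
}

// Add seals one document under a fresh AES-256-GCM key and returns its opaque ID. The ID is bound into the AEAD and the OAEP label, so a record cannot be silently re-labelled as another's.
func (v *Vault) Add(performerID string, plaintext []byte) (string, error) {
	buf := make([]byte, 60) // 32-byte key, 12-byte nonce, 16-byte random ID
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	key, nonce, id := buf[:32], buf[32:44], hex.EncodeToString(buf[44:])
	block, _ := aes.NewCipher(key) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	ct := gcm.Seal(nil, nonce, plaintext, []byte(id))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, v.Pub, key, []byte(id))
	if err != nil {
		return "", err
	}
	v.Docs[id] = Sealed{wrapped, nonce, ct}
	v.Index[performerID] = append(v.Index[performerID], id)
	return id, nil
}

// OpenOffline runs on the air-gapped system holding the private key; a tampered record or a wrong ID fails to open instead of returning garbage.
func OpenOffline(priv *rsa.PrivateKey, id string, s Sealed) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, s.WrappedKey, []byte(id))
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, s.Nonce, s.Ciphertext, []byte(id))
}
```

Answering a records request then means consulting Index for the performer's document IDs, exporting just those Sealed records, and running OpenOffline on the machine that holds the private key.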

~~~
dragonwriter
> Who are you obligated to provide the records to? When you get a records
> request from such a party, how long do you have to respond?

You are required to maintain the records at your place of business or with an
identified custodian, with specified content, indexing and cross-reference
structure, to provide identification of where they are stored along with any
depictions sold/distributed, and make them immediately available for
inspection by inspectors authorized by the US Attorney-General (which will
generally, as I understand, be any US law enforcement agency which asks for
such authority) on demand during normal business hours which are either 9-5
local time or, for inspections at the producer's place of business, the
producer's actual working hours, which must be provided to inspectors and, if
not at least 20 regular working hours per week, must provide notice of at
least 20 hours per week during which the records are available for on-demand
inspection even if they aren't otherwise working hours for the producer.

> As long as there aren't too many parties who can ask for the records, and
> you don't have to provide them on very short order,

I don't think either of those qualifications actually holds, especially the
second.

------
makach
I feel sorry for the girls. _All should stay away from the leaked data_

Is the website stepping up to take responsibility?

~~~
NickBusey
And guys. And others.

------
mv4
This is horrible, and very very dangerous for the people involved.

------
ourcat
Alongside the risk of exposing people's private peccadilloes and the danger
that presents, there's a huge risk of identity fraud, bank fraud, sim-swapping
etc. with all this data.

Particularly when it comes to all the copies of Government Photo IDs
(Passports, Drivers licence, etc.)

------
droithomme
_> They boast 66 million registered members on their webcam chat arena,
ImLive, alone._

Let's say each registered user pays $1 a month for access to this one site
they run. That's $66 million/month in revenue. Enough to secure data and
comply with privacy laws.

~~~
stevewodil
Why are you arbitrarily estimating revenue? Also registered users !=
active/paying users

------
Mountain_Skies
The models are all legally adults so why would the producers need their
parents' full names?

~~~
Symbiote
They probably aren't needed, but they are present on some forms of
identification, like a UK birth certificate.

------
jacquesm
Let's hope nobody gets murdered, injured or raped. This is about as bad as it
gets.

------
sambe
This is terrifying for the models. One of the worst leaks to date, surely?

------
RedComet
I wish people would stop referring to pornography as "adult".

~~~
mprev
Why?

~~~
RedComet
To be clear, I mean using solely the term "adult". Using the term "adult
pornography" is fine.

But to answer your question: Because it is destructive and wrong, no matter
the age of the viewer. Calling it "adult" not only suggests that it is fine
for adults, but entices minors to it under the false impression that they will
be more adult by viewing or participating in it.

~~~
StellarTabi
It is fine for adults. If it weren't for "online adult work" I'd have to
degrade myself to being a waitress or working at McDonald's.

------
sickcodebruh
This is another example of why the US urgently needs legislation along the
lines of GDPR. I know California’s law took effect on Jan 1.

Does anyone know offhand what the penalty would be if this had been a
Californian or EU company?

~~~
Nextgrid
The problem is that the site didn't collect the data because they wanted to,
they did it because the law requires it. GDPR (and presumably equivalent
privacy regulations) explicitly has an exemption for data you are legally
required to keep.

Regarding fines, they wouldn't undo the damage of the leak either. I don't
think this kind of leak can be mitigated with any amount of money, short of
giving all the people involved a new identity and forcing them to start a new
life somewhere else (and even then, they can still be recognised by their
physical appearance).

~~~
bobbydroptables
I don't follow the distinction you're making about GDPR. I don't think anyone
is saying they shouldn't have this information, just that they should make at
least some minor modicum of effort to secure it.

GDPR doesn't say you don't need to properly secure data even if you're legally
required to collect it.

GDPR solves this problem as much as any legislation can.

------
spamlord
Will this leaked data be used by the IRS in the thot audit?

------
Nextgrid
And this is why I recommend using fake details & IDs when signing up to
sensitive services like this. Not an ideal situation and I'm not blaming the
victims here, just stating what I would do if I had no choice but to sign up
for such a site. Given the life-changing consequences of a leak and the risk
of harm (stalkers showing up at home, or being an LGBT performer in a location
where the government doesn't approve of that) the consequences of being caught
with a fake ID are tame in comparison.

Ideally there should be a way for the websites to fulfil their legal
obligations regarding age verification without actually handling any ID data
themselves. Maybe a government-provided OAuth style service where you are
redirected there, authenticate with the government (no extra risk there, they
already have the data) and then they return a signed blob to the website
asserting that you are of legal age without actually disclosing any details.

~~~
falcolas
The models can't fake this data - it's required as proof that the filming is
consensual, and that they are of a legal age to produce the films.

~~~
Nextgrid
Would an ID with everything redacted but the picture and birthdate pass? It
should be sufficient to fulfil the site's legal requirements while mitigating
risk of the data leaking - you can't leak what you can't have.

~~~
jandrese
Would a site be willing to take the risk on accepting a blatantly doctored ID?
The consequences for allowing an underage performer on the site are extremely
severe. Decades in jail labeled as a pedophile and spending the rest of your
life on the sex offender registry.

It's no surprise at all that the sites demand an extraordinary amount of PII
about the performers before they are allowed to post a single image.

Shame the punishments for leaking PII are nowhere near as severe.

~~~
Nextgrid
I've seen a lot of cases where the potential penalties of not checking IDs or
blatant financial crime are severe, and yet the jobs are outsourced to people
not paid enough to care, not given the right tools to investigate
inconsistencies, or encouraged by management to "look the other way" so I
wouldn't be surprised if the same happens here.

Asking for a lot of PII is one thing, actually _checking_ that PII to be
accurate is another thing. The latter can be exploited to regain a slight bit
of privacy.

