To date, the platform has leaked greater than 14 million person accounts with greater than 24 GB price of information. The server is updating itself with new info each second.
Hjedd, an notorious Chinese language grownup content material and NSFW platform has been exposing a treasure trove of person knowledge on-line since not less than July 2022. This was found by impartial safety researcher Anurag Sen who confirmed to Hackread.com that the server remains to be uncovered and publicly accessible with none safety authentication or password.
In your info, a database or server uncovered with out safety authentication means anybody with a slight bit of data about discovering unsecured databases on Shodan and different such platforms can have full entry to Hjedd’s person knowledge.
In response to Sen and as seen by Hackread.com, the uncovered knowledge consists of the next:
- Usernames
- Nicknames
- Cellphone Numbers
- Member Particulars
- Customers’ Feedback
- E-mail Addresses
- Bcrypt Hashed Passwords
- Login Ip tackle and particulars
- Messages between Customers revealing Personal contents
On the time of writing, Hackread.com can verify that the leaky server includes particulars of over 14 million customers with greater than 24 GB price of data.
What’s worse, the information is being ceaselessly up to date with particulars of recent and already registered customers.
Harm is Already Finished
Sen alerted Hjedd on a number of events however the firm has up to now failed to reply or safe its server. Nonetheless, Hackread.com can verify that cyber criminals have already discovered their method to the server and leaked the database (apparently with 13.4 million customers’ accounts) on a hacker discussion board which surfaced as a substitute for widespread and now-sized Raidforums.
Potential Menace
In response to the researcher, the knowledge saved on this database is weak to spam advertising and marketing and phishing campaigns. Leaving info like username, e mail, and Cell quantity.
Additionally, its results might trigger bodily harm. It may trigger revealing identities for the discussion board members. The leaked passwords, alternatively, are hashed however they are often matched with encrypted hashes of the password listing to search out the plain textual content password for the accounts.