Weekly podcast: Brazzers, 98 million Russians, and Owen Smith MP

In this week’s podcast, we take a look at two incidents in which credentials from historic data breaches have appeared on the web, and a password mistake by Owen Smith MP.

Hello, and welcome to the IT Governance podcast for Friday, 9th September. Neil is off today, so I’m filling in. Here are this week’s stories.

The email addresses and passwords of approximately 800,000 users of adult website Brazzers have been found online by breach-monitoring site vigilante.pw.

The leaked data matches data that was compromised in a breach of ‘Brazzersforum’ back in 2012. It’s not clear why it’s taken four years for this data to become public.

A Brazzers spokesperson said:

“This matches an incident which occurred in 2012 with our ‘Brazzersforum,’ which was managed by a third party. The incident occurred because of a vulnerability in the said third party software, the ‘vBulletin’ software, and not Brazzers itself.

“That being said, users’ accounts were shared between Brazzers and the ‘Brazzersforum’ which was created for user convenience. That resulted in a small portion of our user accounts being exposed and we took corrective measures in the days following this incident to protect our users.”

Whilst we’re on the topic of old data surfacing on the web, data from Russian email service Rambler.ru, which was stolen in March 2014, has also been put online.

The number of leaked records is far greater than in the Brazzers incident, however: a staggering 98 million.

Rambler has been described as the Russian equivalent of Yahoo, as it offers email services as well as acting as a news and content hub for its users.

“We know about that database,” the service said.

“It was leaked March 2014 and contained millions of accounts. Right after the accident we forced our users to change their passwords.

“We also have forbidden to use the previously used passwords for the same account.”

Labour Party leadership challenger Owen Smith was lambasted by information security professionals this week when his campaign staff shared a photo on Twitter that showed a whiteboard on which the login details for Smith’s phone bank were clearly visible. The details included the web address, client ID, username and password. A campaign spokesperson told the Huffington Post: “We can confirm that there was no data breach and the login details were not used by any unauthorised users.”

Well, that’s it for this week. As ever, please feel free to comment below, telling us a bit about yourself and what you’d like more information on and we’ll do our best to answer in the coming weeks. Until next time, remember that you can keep up to date with the latest information security news on our blog. And whatever your cyber security needs – whether regulatory compliance, stakeholder reassurance or just greater business efficiency – IT Governance can help your organisation to protect, comply and thrive. Visit our website for more information: itgovernance.co.uk.