Dutch website hack reveals data of 250,000 sex workers' clients: report

Above one of Amsterdam's Red Light Districtsphoto: Quinn Norton/Flickr

The account details of the 250 thousand users of Dutch website Hookers.nl have leaked out after a vulnerability on the website was exploited. A hacker captured the members' data and is offering it for sale, NOS reports based on its own research after an anonymous tip. The website is popular among clients of sex workers, who exchange tips, reviews and experiences in the sex industry. 

The problem extends beyond clients of sex workers. Sex workers themselves are also active on the website. They also may want to not be known as a sex worker with their real names. 

he leaked data includes email addresses, user names, IP addresses and passwords. The passwords are encrypted, but the email addresses are legible. NOS viewed some of the leaked data, which showed that many users used an anonymous user name, but their real names are in the email address used to open an account.

The hacker is offering to sell the data for 300 dollars to any individual who wishes to purchase it. "Certainly people want to buy it, bro", he told NOS. The hacker said that he hasn't sold the data yet, but expects that he will.

"Again, the wise lesson is: always use a dummy Hotmail account or something similar for sites that may have 'blackmailable' information about you," one Hookers.nl user wrote in a forum post. "It seems clear to me that this is a disaster for hookers.nl," another user said.

Hookers.nl confirmed the data breach to the broadcaster and promised to notify all users on Thursday morning. The issue arose when a technical weakness in the vBulletin forum software was revealed just a few weeks ago. The hack took place before the website's managers applied a patch to plug the hole, first announced on September 25, according to Tweakers.net. The hacker confirmed to NOS that he abused a large data breach in commonly used forum software. 

The organization behind the website, Midhold, realizes the sensitivity of this leak. "It is of course not an account of your internet provider that leaked, maybe you don't want people to know that you have an account here", Midhold spokesperson Tom Lobermann said. "We are not happy with this." Hookers.nl set up a forum page for people who want their accounts quickly removed.

The biggest threat to users of the site is blackmail, Arda Gerkens of the Help Wanted foundation, who assists victims of sex-related abuse, said to the broadcaster. Membership in such a forum is certainly something someone can be extorted with", Gerkens said. "Some people are not secretive about their prostitution visit, but it is certain that when people use a nickname they want to remain anonymous."

This is not the first time user data leaked from a controversial website. Four years ago, the personal data of members of adultery site Ashley Madison ended up on the streets thanks to hackers. Subsequently, users were extorted, marriages ended, and even a number of suicides were linked to the data breach, according to NOS.