Sex workers' clients exposed in Dutch hack attack

The names of people who visited sex workers as well as of the workers themselves have been stolen.

Account details of more than 250,000 people who used a site for sex workers in the Netherlands have been stolen in a hack attack.

Email addresses, user names and encrypted passwords were stolen from a site called Hookers.nl.

The attacker is believed to have exploited a bug in its chat room software found last month.

Reports suggest the malicious hacker who took the data has offered it for sale on a dark web marketplace.

Potential blackmail

Hookers.nl was "not happy" about the attack, its media spokesman Tom Lobermann told Dutch broadcaster NOS.

Mr Lobermann said sex workers who used the site and the clients who visited them could be put at risk if their data were to be stolen and sold. He said the site had informed everyone who had an account about the breach.

The message sent by the site's administrators also advised people to change their passwords.

NOS technology editor Joost Schellevis, who had seen a selection of data from the files being offered for sale, said identifying site users via their email addresses would not be difficult.

Mr Schellevis contacted the suspected thief who said he felt no guilt over the attack.

The accused told NOS: "I am not the devil. It is not a question of whether your website is hacked, but when."

The hacker added that several people were interested in buying the data.

Hookers.nl used a popular program for hosting online forums and discussions called vBulletin. In late September, security researchers identified a vulnerability in the program that could be exploited to steal data.

VBulletin quickly produced a patch for the bug but several sites were breached before they could deploy and install the protection.

Prash Somaiya, technical program manager at HackerOne, said attacking a site like Hookers.nl was a "double win" for cyber-criminals because they could sell the data and potentially blackmail users.

He added: "Other opportunist criminals seeing the news may also use it to attempt to phish any possible users by posing as the original attacker to blackmail anyone who falls for their scam."

AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.