Hacker Claims to Have Full Control of Pornhub, Offers Access For $1,000

A gray-hat hacker claims he has full control of the adult website’s server.
May 15, 2016, 4:26pm
Image: Michael Coghlan/Flickr

A hacker claims to have hacked into Pornhub's server and is trying to sell the access for $1,000.

The hacker, who goes by the name Revolver, posted two pictures on his Twitter to prove he had access to Pornhub's server. The alleged breach comes less than a week after Pornhub launched a bug bounty program to encourage friendly hackers to report flaws and vulnerabilities into the site and help get them fixed.

This is what happen when your sysadmin(s) forgot to lock directories .. 1x0123May 14, 2016

But Revolver didn't seem interested in taking that road.

"I don't report vulnerabilities anymore," Revolver tweeted. "Go underground or go away #FuckBugBounty."

Revolver told me in an online chat that he hates bug bounty programs because in the past he "reported a lot of bugs but got no reply from companies," and he doesn't like to give companies his real name.

The hacker told CSO Online, which first reported the story, that he was able to upload a shell, essentially a control panel he could use to issue any commands on a Pornhub's server. If true, in other words, Revolver had full control over the server. Revolver said he took advantage of a vulnerability in Pornhub's "user profile script that handles image uploads."

Pornhub did not respond to a request for comment, but said on Twitter that it was investigating and that "it doesn't seem like access was gained to a production server."

"I don't report vulnerabilities anymore. Go underground or go away #FuckBugBounty."

On Sunday, the hacker told Motherboard that he had already sold the access to three people. He also said Pornhub reached out to him via Twitter but he has still to hear back from them.

"I will tell them they can go fuck off," he said, adding that, however, "if they gave me a premium account I'm ready to help them fix that."

Revolver has been quite busy in the last few weeks. In April, he reported a bug in the website to the Freedom of The Press Foundation, which earned him a public thank you from Edward Snowden. He also claimed to have found a bug into the website of the embattled Panamanian law firm Mossack Fonseca, which has been at the center of the Panama Papers scandal. And in a similar incident to this Pornhub one, he also offered access to the LA Times website,

In March, Revolver created a site that displayed screenshots and IP address of random people's hackable computers, which he called VNC Roulette.

This piece has been updated to add Revolver's comments to Motherboard.

UPDATE, May 16, 11:02 a.m.: On Sunday evening, Pornhub put out a statement denying a data breach or hack.

Correction: a previous version of this story said the hacker was 19 years old. The hacker, however, said he lied when he told Motherboard his age. He now refuses to reveal it.