Advertisement
Tech by VICE

A Hacker Stole 250K User Account Details from a Dutch Sex Work Site

By exposing a vulnerability in forum software, a hacker accessed 250,000 user details—including information that could identify individuals.

by Samantha Cole and Joseph Cox
Oct 10 2019, 2:32pm

Image via Getty Images

A hacker stole the account details of more than 250,000 users from the popular Dutch website Hookers.nl this week, including email addresses, usernames, IP addresses, and hashed passwords.

Hookers.nl provides forums for people to discuss sex work. There are sections of the forum dedicated to clients discussing their experiences with sex workers.

According to the Dutch Broadcast Foundation, which confirmed the breach with Hookers.nl, the hacker exploited a vulnerability in vBulletin, common online forum software. In the last two weeks, vBulletin has experienced two reported vulnerabilities, one of which was very severe. . vBulletin has since released a patch for that vulnerability, but not before several other websites were hacked.

Are you a sex worker or client affected by the Hookers.nl breach, or a hack like this one? We'd love to hear from you. Contact Samantha Cole securely on Signal at +6469261726, direct message on Twitter, or by email.

In a post to Hookers.nl forums, a site admin confirmed the breach and recommended that users change their passwords. Several users are still posting to those forums, demanding that their accounts be deleted. But even if they delete their accounts, this won't recover the data that's already been exposed.

The Dutch Broadcast Foundation reported that after viewing the stolen data, some users could be identified by their email addresses. Both client and sex workers have accounts on the platform.

Although prostitution is legal and regulated in the Netherlands, people still seek anonymity when they're buying services—whether from websites like Hookers.nl or in person at brothels.

Know of any other websites hacked with the recent vBulletin exploit? We’d love to hear from you. You can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

Legalizing full-service sex work doesn't eliminate the societal stigma associated with paying for sex; as we've seen in places like New Zealand, where sex work is decriminalized, a toxic culture of discrimination against sex workers is pervasive worldwide.

Even in Amsterdam, a city famously progressive in its sex work policies, sex workers are facing increased discrimination and are being pushed to the margins of a tourism industry they helped build.

Motherboard has reached out to the administrators of Hookers.nl and will update if we hear back.

Tagged:
sex work
vBulletin