A Hacker Stole 250K User Account Details from a Dutch Sex Work Site

A hacker stole the account details of more than 250,000 users from the popular Dutch website Hookers.nl this week, including email addresses, usernames, IP addresses, and hashed passwords.

Hookers.nl provides forums for people to discuss sex work. There are sections of the forum dedicated to clients discussing their experiences with sex workers.

According to the Dutch Broadcast Foundation, which confirmed the breach with Hookers.nl, the hacker exploited a vulnerability in vBulletin, common online forum software. In the last two weeks, vBulletin has experienced two reported vulnerabilities, one of which was very severe. . vBulletin has since released a patch for that vulnerability, but not before several other websites were hacked.

In a post to Hookers.nl forums, a site admin confirmed the breach and recommended that users change their passwords. Several users are still posting to those forums, demanding that their accounts be deleted. But even if they delete their accounts, this won't recover the data that's already been exposed.

The Dutch Broadcast Foundation reported that after viewing the stolen data, some users could be identified by their email addresses. Both client and sex workers have accounts on the platform.

Although prostitution is legal and regulated in the Netherlands, people still seek anonymity when they're buying services—whether from websites like Hookers.nl or in person at brothels.

Legalizing full-service sex work doesn't eliminate the societal stigma associated with paying for sex; as we've seen in places like New Zealand, where sex work is decriminalized, a toxic culture of discrimination against sex workers is pervasive worldwide.

Even in Amsterdam, a city famously progressive in its sex work policies, sex workers are facing increased discrimination and are being pushed to the margins of a tourism industry they helped build.

Motherboard has reached out to the administrators of Hookers.nl and will update if we hear back.