Live streaming adult site leaves 7 terabytes of private data exposed

Our security research team, led by Anurag Sen, has discovered a significant data leak stretching into billions of records at adult live-streaming website CAM4.com, belonging to Irish company Granity Entertainment.

The server’s database size exceeded 7 terabytes with production logs dating from 16 March 2020 and increasing daily.

The unsecured Elastic Search database included a significant amount of both user and company information with the vast majority of email data records referring to users in the US.

The Ireland-based company was immediately contacted and the server was secured shortly afterwards.
Who is CAM4?

CAM4 is a live streaming “cam model” website providing explicit content intended only for adults.

CAM4 is predominantly used by amateur webcam performers with site customers able to purchase virtual tokens that can be used to tip performers or watch private shows.

According to news reports, CAM4 has paid out more than US$100 million in performer commissions since its inception in 2007.

Surecom Corp connection

After reaching out to CAM4.com directly, our security team received a prompt response and also advised us to inform another company called Smart-X.