In brief: An adult website that specializes in hentai pornography left a database unsecured that exposed the details of 1.195 million users.
It was vpnMentor's researchers who discovered the issue with Luscious.net. Alexa data ranks the website as one of the 5,000 most popular in the US. It focuses on computer-generated and animated pornography that is uploaded by users.
While the breach is now closed, hackers could have accessed users' personal email addresses, their usernames, blog posts, followers, uploads, likes, and locations. It also contained details of the site's 19.7 million photos, though no passwords were in the database.
While around 20 percent of luscious accounts use fake emails, that still leaves a large number of genuine addresses exposed. Some users included their legal names as part of their emails, which makes them prime targets for criminals.
"The highly sensitive and private nature of Luscious' content makes users incredibly vulnerable to a range of attacks and exploitation by malicious hackers," vpnMentor writes.
Based on their email addresses, a large number of users in the database come from Germany, France, Russia, and Italy. There are also a number of users who joined on official government emails.
The database had been exposed since at least August 4. vpnMentor discovered it on August 15, and the breach was closed on August 19. While there is no evidence of it being accessed by hackers, users should beware of phishing attempts, extortion, or even being targeted by competitor websites trying to attract them over. As a security measure, members are being advised to change their Luscious usernames and associated email address.