Skip to content
Naked Security Naked Security

“Free porn for life” using stolen TeamSkeet accounts advertised on Dark Web

"TheNeoBoss" claims he stole 237,000 account and user details, allegedly from TeamSkeet and affiliated porn sites.

Got a spare $400? Need a lifetime’s worth of porn?

Hacker “TheNeoBoss,” at your service!

That’s the name of a Dark Web user who’s claiming to have breached US-based porn market TeamSkeet.com, from which he claims to have ripped off a database with details for 237,000 users, as Motherboard reported.

The data allegedly includes usernames, plain text passwords, email addresses, real names, IP addresses, and physical addresses.

Motherboard says it has seen a list of 8,000 users’ details. The hacker also sent a screenshot showing that he’s in possession of 237,000 account details in total, but Motherboard wasn’t able to verify the larger set.

TheNeoBoss is also selling a database of what he says are 50,000 login credentials for other sites on TeamSkeet’s broader porn network, Paper Street Media (PSM). Other items up for sale: 426,000 lines of failed login attempts, and 468,000 lines of “Members Geo IP data.”

Motherboard reports that he posted an advertisement for all this on the Dream Market Dark Web marketplace.

From his post:

So recently I managed to breach TeamSkeet.com, the giant USA porn network. By purchasing this database, you will basically have free porn accounts for life, or you could sell them [the login details] separately.

Such a deal. Imagine: free porn for life.

Or then again, maybe that $400 – that’s 0.962 bitcoins, to be precise – will go up in a puff of Dark Web e-smoke and buyers will be stuck with a whole lot of stale 2008 breach detritus?

That, at any rate, was what PSM told Motherboard would happen.

From an email sent by CTO Jamal Hussain after the publication sent a sample of the apparent user data – those 8,000 credentials – given it by TheNeoBoss:

This is not a live breach. The data is from a breach that happened in 2008. We were asked for a ransom, didn’t pay it, made security updates and have not had any issues since. There was no credit card info taken and all accounts are no longer valid for our members area.

Yup, that’s right, echoed company lawyer Steven Eisenberg. Anybody who buys those logins will just come away with a fat sack of nothing, he said:

Once a username is created PSM never blocks it out; however, once it expires, the user can no longer access the site.

This would explain your results. … As previously advised, the purported breach occurred approximately eight years ago, nothing ever came of the purported breach and PSM added additional security measures to its site. PSM is not aware of any other such issues.

By referring to “your results,” Eisenberg was talking about how Motherboard managed to use some of the TeamSkeet usernames on other PSM sites.

That includes the sites Exxxtra Small, Teen Pies, Innocent High, Teen Curves, and CFNM Teens – a selection of some of the 23 separate porn sites to be found in the PSM network.

The publication reports that some of the email addresses failed to receive messages when it reached out to account holders.

TheNeoBoss reportedly claimed to have access to some credit card data that he didn’t take.

He’d rather embarrass people than score credit card details, the hacker claimed in an encrypted chat with Motherboard:

I want to publicly shame them for their poor practices.

It’s not clear whether the shaming is directing at the “them” who enjoy adult content or the “them” that are PSM.

But it’s probably safe to assume he was referring to PSM, given that TheNeoBoss claimed to have been met with indifference when he allegedly told the company about the website’s vulnerability.

“[PSM] didn’t seem to care,” he said.

It’s quite the “he said, she said” situation. For what it’s worth, TheNeoBoss claimed to have exploited the data via an SQL injection and that he had other forms of access to the PSM system, which he said the company had started to shut off.

On the other hand, for what it’s worth, Hussain, the company’s CTO, claimed that there have been no recent breaches.

However, Motherboard confirmed the opposite: in fact, the TeamSkeet site was briefly defaced on 31 March.

TheNeoBoss sent Motherboard’s Joseph Cox screenshots of what looked like administrative panels for the porn network, including customer support tickets dated as recently as 31 March.

At any rate, caveat emptor, would-be buyers of porn for life.

And while we’re at it, caveat emptor, porn consumers. Let’s hope this doesn’t turn into some type of extortion situation or embarrassment scenario a la the breach of the Ashley Madison adulterers site.

Image of Man looking at laptop courtesy of Shutterstock.com

4 Comments

Why would someone pay for free porn? There are already thousands of sites like [redacted], [redacted], [redacted] etc.. You can watch one free site per week and the list will not finish.

hah, was gonna say the same… anyyone reading this article already has a “Free Pr0n For Life Account.” It’s called “Internet Access” (aka [redacted x 15,000] if you prefer).

That said, did NeoBoss emphasize IP and physical addresses as selling points? I’m having trouble determining how they’d help someone merely interested in the porn access–unless he meant the “they” as in the consumers themselves.

Lisa, the image got a rise out of me, and your clever wordplay was the climax of the article. Well shot.

Always find it ironic when Sophos publishes a story like this that uses terms Sophos’ own PureMessage email security product considers “Offensive language”, and thus gets filtered when the story is included in content emailed to subscribers of the Naked Security newsletter.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?