Just a week after launching its own bug bounty program, Pornhub, one of the best porn websites, has been hacked. A 19-year-old hacker claims to have gotten hold of the website’s server, and he says he will sell it for $1,000.
The teenager, who is known as Revolver in the hacking industry, said he will sell the server to anyone for just $1,000. He posted picture evidence on his Twitter account to show that he had access to the Pornhub servers. The irony is that news of the hack comes just a week after the porn website unveiled its bug bounty program, which is aimed at encouraging white hat hackers, or friendly hackers, to hack the system and report what they find back to the company. This would then help the company fix its problems.
https://twitter.com/1x0123/status/731622179922706432
Revolver, however, says that he is not a goodie anymore. In a tweet, he wrote that he did not report vulnerabilities anymore and that in hacking either you go underground, or you go away. He also added the hashtag #FuckBugBounty.
https://twitter.com/1x0123/status/731627800814321664
In an online chat with one reporter, Revolver said that he had developed a disdain for bug bounty programs because of his experience with them in the past. He had reported a lot of bugs and flaws in companies’ security systems but had not received replies from most of the companies. He also said that revealing his name to companies was something he did not want to do.
In another interview about how he had hacked the Pornhub website, he said he had managed to upload a shell, something close to a control panel, that gave him access to Pornhub’s server and that he could use to issue commands. If the claims are true, then Revolver really is in control of the servers. He said he managed to take advantage of a flaw in the user profile script which handled image uploads on the servers.
Pornhub did not respond to a request for comment, but the company wrote on Twitter that there didn’t seem to be any illegal access to production servers.
Fast forward to Sunday, and Revolver was claiming that he had already sold the access to three people. He also noted that Pornhub had attempted to reach him via Twitter, but there had been no further correspondence from them. He said that if Pornhub came again he would tell them to go and fuck off, but he added that if they gave him a premium account, he could help them fix it.
Revolver reported a bug to the Freedom of the Press Foundation and got a public thank you from Edward Snowden. He claims he found a bug at Mossack Fonseca, the company at the centre of the Panama Papers saga.
Thanks to @1x0123 for reporting a piwik vulnerability to @FreedomofPress! Great work. Got a bug report? Please contact @ageis with details.
— Edward Snowden (@Snowden) April 10, 2016