IF THERE'S ONE THING that everyone wants to hear when it comes to sex-working, wherever they are in the chain, it's "discretion".
Alas, in the age we call 'digital', there's always a risk of being shafted (ooer), and so it goes with a chain of brothels, based in Valencia, Spain.
Thanks to a MongoDB database that's leakier than a Urolagilliac after a 7Eleven Big Gulp, the details (and we mean all of them) about 3,350 sex workers were available without a password for an indeterminate amount of time.
The chain with no name (thanks to an anonymity agreement) has Bob Diachenko of Security Discovery to thank, as it seems his research found the issue (fnar) before anyone did anything really nasty with it.
The women's' vitals such as names, date of birth and nationality are flanked by the vitals - including height, weight, bra size and if they're real or plastic. Photographs of the victims' national ID cards were attached to some records.
There are even some pretty degrading notes from staff like "Curvy Columbian, but not that pretty" and "She is very young, very shy, has no experience" (ew, creepy). There were even some notes of reviews of the women from review sites.
The company has now plugged the hole (that's what she said) but is very keen not to make a big deal about all this, to a fault.
Security Discovery has gone out of its way to protect the anonymity of all those affected. Between the actual data on the sex workers and the telemetry from reviewers, this database and others like it can be an absolute goldmine for ransoms.
During the investigation, Diachenko found a total of 276 exposed (wahey) MongoDB databases in Spain alone, though hopefully not all of them are this touch-sensitive or all the people in that database are screwed. Moreso even. μ
What can a hacker hack if a hacker hacks hackers...
But we doubt people will be lining up to buy it
'Prolific' duo netted more than $100m in spree
But its library is lacking here in Blighty