Adult Themed VR Game Leaks Data On Thousands (securityledger.com)

← Back to Stories (view on slashdot.org)

Adult Themed VR Game Leaks Data On Thousands (securityledger.com)

Posted by BeauHD on Saturday January 13, 2018 @01:00AM from the mature-audience dept.

chicksdaddy writes from The Security Ledger: Somebody deserves a spanking after personal information on thousands of users of an adult virtual reality game were exposed to security researchers in the UK by a balky application. Researchers at the firm Digital Interruption on Tuesday warned that an adult-themed virtual reality application, SinVR, exposes the names, email and other personal information via an insecure desktop application -- a potentially embarrassing security lapse. The company decided to go public with the information after being frustrated in multiple efforts to responsibly disclose the vulnerability to parent company inVR, Inc., Digital Interruption researcher and founder Jahmel Harris told The Security Ledger. Jahmel estimated that more than 19,000 records were leaked by the application, but did not have an exact count.

SinVR is a sex-themed virtual reality game that allows players to navigate in various adult-themed environments and interact with virtual characters in common pornographic themes including BDSM, cosplay, naughty teacher, and so on. The company discovered the data after reverse-engineering the SinVR desktop application and noticing a function named "downloadallcustomers." That function called a web service that returned thousands of SinVR customer records including email addresses, user names, computer PC names and so on. Passwords and credit card details were not part of the data dump, Harris said.

16 of 41 comments (clear)

Min score:

Reason:

Sort:

Naughty teacher? by 110010001000 · 2018-01-13 01:25 · Score: 2

Is the naughty teacher theme the one where they teach Evolution?
1. Re:Naughty teacher? by rmdingler · 2018-01-13 02:28 · Score: 2
  
  The rather obligatory teaching theme ought to be:
  If you enter your genuine personal information into a porn site's data base, you're taking a silly risk.
  
  --
  Happiness in intelligent people is the rarest thing I know.
  Ernest Hemingway
2. Re:Naughty teacher? by Ol+Olsoc · 2018-01-13 03:39 · Score: 2
  
  Is the naughty teacher theme the one where they teach Evolution?
  No, it's the 35 year old female boinking her underage students.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
3. Re:Naughty teacher? by Ol+Olsoc · 2018-01-13 03:41 · Score: 1
  
  The rather obligatory teaching theme ought to be:
  If you enter your genuine personal information into a porn site's data base, you're taking a silly risk.
  Depends on whether you are worried about it or not, I guess. If a person is concerned about their data leaking out, they should never use computers at all..
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
4. Re:Naughty teacher? by Ol+Olsoc · 2018-01-13 06:45 · Score: 2
  
  You're using a computer, so you must not be worried. Feel free to post your real name, address, date of birth, mother's maiden name, first pet, city of birth and last four of your social security number here.
  After all, there's nothing for you to be worried about, right?
  I'm always concerned. But the intertoobz is not a secure place, and was never designed to be a secure place. I have whatever protections there are, and don't worry about it that much. Just use good care.
  My point is that if a person wants to use masturbatory aids on the intertoobz, and would feel embarassed or worse if the knowledge that he or she is using those aids, they shouldn't use a service that requires personal info. It's just the same thing with people who want to do criminal acts. The intertoobz is the worst place to do that. Because even with encryption, they are drawing attention to themselves.
  It's like someone using a skywriting service to send encrypted messages. The powers that be might not know what is in those messages, but they can follow the plane, find where it lands, and have anice chat with the pilot, his boss, and eventually the people who paid for the encrypted can be found.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
5. Re:Naughty teacher? by Ol+Olsoc · 2018-01-13 06:53 · Score: 1
  
  No, it's the 35 year old female boinking her underage students.
  I wish I had been one of those students.
  Just remember, she can say you victimized her, https://www.thestar.com/news/w... , and http://www.dailymail.co.uk/new... , and https://nypost.com/2017/12/20/...
  One of these days, and it won't be long, a female teacher will screw a little boy, and he'll be the one arrested.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Shocker! by demonlapin · 2018-01-13 02:18 · Score: 2

Porn VR game has bad security? Who knew?
Re:Backdoor? by jarkus4 · 2018-01-13 02:48 · Score: 1

Most likely it uses common library with some company tools and this function comes from there. Still no authentication for such a function...
Re:Why would it have data by GrumpySteen · 2018-01-13 04:56 · Score: 2

Because it's profitable to harvest customer data and sell it. Duh.
A function named downloadallcustomers by najajomo · 2018-01-13 05:48 · Score: 1

'The company discovered the data after reverse-engineering the SinVR desktop application and noticing a function named "downloadallcustomers."'

Demonstration the necessity of stripping all debug information before shipping the applications - DOH!
1. Re:A function named downloadallcustomers by kqs · 2018-01-13 11:21 · Score: 1
  
  Demonstration the necessity of stripping all debug information before shipping the applications - DOH!
  That would be step 1, sure, but the more important things would be:
  * Stop putting access functions for internal APIs in public clients.
  * Don't allow access to internal APIs from externally.
  * Don't allow access to internal APIs without proper credentials.
  This is a sign of completely screwed up security and programming. I don't care if this is porn, IoT, finance, or anything else: this is a sign of many deeper problems.
2. Re:A function named downloadallcustomers by mentil · 2018-01-13 19:25 · Score: 1
  
  I don't care if this is porn, IoT, finance, or anything else: this is a sign of many deeper problems.
  Not to worry, porn is ALL ABOUT solving 'deeper' problems.
  
  --
  Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
It is english by SuperKendall · 2018-01-13 05:50 · Score: 1

I've been using Balky (along with my whole family and many others I have met) in the U.S. since I was a kid. Never spelled out though, I admit it does look kind of funny (and I'm not even sure that's how it would be spelled for the U.S.).

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Re:It is english by kqs · 2018-01-13 11:14 · Score: 1
  
  I've always seen it spelled baulky, not balky, though both seem to be valid spellings according to dictionaries.
Re:"Balky" by hey! · 2018-01-13 05:56 · Score: 1

Words are like nice new wood chisels that get stored in a common work area. They don't stay sharp long because people keep misusing them.
"Balky" means "tending to refuse to respond as directed". If you have a car which often fails to start, that is a balky car. Balkiness is a tendency to a particular kind of malfunction, but the submitter here used it as a synonym for "malfunctioning".

--
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Shouldn't that be... by meglon · 2018-01-13 10:26 · Score: 1

Somebody has failed to deserve a spanking......

--
Fascism: An authoritarian and nationalistic right-wing system of government and social organization. See also: NAZI's