Users of The Fappening Forum, a place where aficionados once converged to share and collect images from the infamous celebrity nude photos leak, have had their personal details leak this week during a data breach.
There is no information available about the data breach, except the fact that Troy Hunt has recently added over 179,000 Fappening Forum records to the database of the Have I've Been Pwned? service.
According to Mr. Hunt, the forum's database includes many .gov email addresses, and from the total of 179K leaked emails, 30% were already leaked via other data breaches.
The Fappening Forum was a hot Internet destination two-three years ago, when the Fappening leak was going on. The forum remained a hot destination afterward, since it continued to collect nude celebrity photos from other sources, after the Fappening (or Celebgate) scandal started to die down.
Fappening Forum users who are now running scared to reset the passwords for their accounts should not do so via their mobiles, warns Malwarebytes, a security firm that's been keeping an eye on rogue advertisements around the Web.
Malicious ads lead to ransomware
The company says that it detected a slew of malverts when accessing the site via a mobile device, some that encourage users to download rogue mobile apps.
In one particular instance, researchers said that, by following an ad showed on the forums for PornoTube, an app for watching adult movies, users ended up installing the SLocker ransomware on their mobiles.
Besides ransomware that users download and install as an app, Malwarebytes also reported browser ransomware, which locks your browser on a Web page using JavaScript redirectors until you pay a ransom fee.
As if it wasn't bad enough that users had their secret sexual fantasies leaked via the forum breach, some of them might also have to pay fees to free their device from the grip of a few ransomware variants.
New *sensitive* breach loaded: The Fappening forum had 179k accounts exposed. 30% were already in @haveibeenpwned: https://t.co/hv1u9SEsMR — Have I been pwned? (@haveibeenpwned) April 13, 2016
Pro tip too - if you're gonna sign up to a forum like that, perhaps not use your .gov email address... — Troy Hunt (@troyhunt) April 13, 2016