When users don't choose easy-to-break passwords, some sites do it instead, intentionally sabotaging account security

Nov 10, 2015 16:05 GMT

MyFreeCams.com, a famous cam modeling website that at one point was one of Alexa's most popular 1,000 sites on the Internet, is plagued by security issues that simplify users' passwords and put both users and cam models at risk of having their accounts hijacked.

The problem stems from a weirdly implemented password policy that strips special characters from passwords and converts uppercase letters to lowercase.

Instead of adding a layer of complexity, MyFreeCams undermines everyone's password security

Basically, if a user or a cam model chose a password in the form of "Password@123!#&," a hacker would be able to access the account just by typing "password123."

This raises security concerns, especially for cam models, who in most cases use nicknames to hide their real identity and location. Accessing a cam model's account could allow attackers access to information like her actual name and geographical location, increasing the chances of the model being harassed in real life, or even stalked.

Even worse, after Motherboard published an article about this issue, a user also revealed that, when purchasing tokens (virtual currency) to pay the models on the site, MyFreeCams sent him part of the password inside the confirmation email.

MyFreeCams probably does not encrypt passwords either

Additionally, resetting the password sent the user his old password in cleartext. This leads us to believe that the site does not employ any type of encryption when storing passwords in its database.

Even worse, after the original Motherboard article, MyFreeCams responded by preventing users from using special characters in their passwords.

Their action is completely idiotic because instead of fixing the problem with storing special characters in password strings, they've chosen to prevent users from using them, thinking this has solved the problem, not knowing that they've exacerbated it by dumbing down the type of passwords users can choose.

The only way users can have a strong password in this situation is by using either extremely long password strings or randomly generated passwords.
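The following Python sketch is an added illustration, not MyFreeCams code (which is not public). It models the normalization described above, computes how long a random password must be in the reduced alphabet to match one drawn from all printable ASCII symbols, and contrasts this with salted hashing of the exact password. The function names, the 94- and 36-symbol alphabets and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import math
import os
import secrets
import string

REDUCED = string.ascii_lowercase + string.digits                  # 36 symbols survive
FULL = string.ascii_letters + string.digits + string.punctuation  # 94 printable symbols


def site_normalize(password: str) -> str:
    """Assumed model of the reported behaviour: drop specials, fold case."""
    keep = string.ascii_letters + string.digits
    return "".join(c for c in password if c in keep).lower()


def equivalent_length(length: int, src: str = FULL, dst: str = REDUCED) -> int:
    """Length over dst that matches the entropy of a random src password."""
    return math.ceil(length * math.log2(len(src)) / math.log2(len(dst)))


def random_password(length: int, alphabet: str = REDUCED) -> str:
    """Random password that the normalization leaves unchanged."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def store(password: str, iterations: int = 600_000):
    """Hardened contrast: salted PBKDF2 over the exact password bytes.
    The stored record cannot be mailed back to the user as cleartext."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify(password: str, record) -> bool:
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    chosen = "Password@123!#&"          # example password from the article
    print(site_normalize(chosen))       # what the site effectively checks
    print(equivalent_length(12))        # reduced-alphabet length matching 12 full chars
    record = store(chosen)
    print(verify(chosen, record), verify("password123", record))
```
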

MyFreeCams currently boasts about having over 100,000 cam models and over 5 million regular users.