Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Security Software Privacy

Adult Themed VR Game Leaks Data On Thousands (securityledger.com) 41

chicksdaddy writes from The Security Ledger: Somebody deserves a spanking after personal information on thousands of users of an adult virtual reality game were exposed to security researchers in the UK by a balky application. Researchers at the firm Digital Interruption on Tuesday warned that an adult-themed virtual reality application, SinVR, exposes the names, email and other personal information via an insecure desktop application -- a potentially embarrassing security lapse. The company decided to go public with the information after being frustrated in multiple efforts to responsibly disclose the vulnerability to parent company inVR, Inc., Digital Interruption researcher and founder Jahmel Harris told The Security Ledger. Jahmel estimated that more than 19,000 records were leaked by the application, but did not have an exact count.

SinVR is a sex-themed virtual reality game that allows players to navigate in various adult-themed environments and interact with virtual characters in common pornographic themes including BDSM, cosplay, naughty teacher, and so on. The company discovered the data after reverse-engineering the SinVR desktop application and noticing a function named "downloadallcustomers." That function called a web service that returned thousands of SinVR customer records including email addresses, user names, computer PC names and so on. Passwords and credit card details were not part of the data dump, Harris said.

Adult Themed VR Game Leaks Data On Thousands

Comments Filter:
  • by 110010001000 ( 697113 ) on Saturday January 13, 2018 @08:25AM (#55921321) Homepage Journal
    Is the naughty teacher theme the one where they teach Evolution?
    • The rather obligatory teaching theme ought to be:

      If you enter your genuine personal information into a porn site's data base, you're taking a silly risk.

      • The rather obligatory teaching theme ought to be:

        If you enter your genuine personal information into a porn site's data base, you're taking a silly risk.

        Depends on whether you are worried about it or not, I guess. If a person is concerned about their data leaking out, they should never use computers at all..

      • If you enter your genuine personal information into a porn site's data base, you're taking a silly risk.

        This is of course not the same thing, but OK Cupid is now asking for first names. I've heard of people actually entering them -- that and their actual pictures have led to some users actually being located in real life.

        That being said, when they asked me I entered "Nope". Now they've begun sending me emails with Dear Nope, ...

        I might tell a potential date my first name during the first conversation, but i'm sure NOT telling the entire world. (That, and it's fairly unique. My first name is enough to

    • Is the naughty teacher theme the one where they teach Evolution?

      No, it's the 35 year old female boinking her underage students.

  • by demonlapin ( 527802 ) on Saturday January 13, 2018 @09:18AM (#55921449) Homepage Journal
    Porn VR game has bad security? Who knew?
  • What does that mean? its not English, so you can't blame the spelling corrector, and bulky my be true, but is not relevant here.
    • I've been using Balky (along with my whole family and many others I have met) in the U.S. since I was a kid. Never spelled out though, I admit it does look kind of funny (and I'm not even sure that's how it would be spelled for the U.S.).

      • by kqs ( 1038910 )

        I've always seen it spelled baulky, not balky, though both seem to be valid spellings according to dictionaries.

  • 'The company discovered the data after reverse-engineering the SinVR desktop application and noticing a function named "downloadallcustomers."'

    Demonstration the necessity of stripping all debug information before shipping the applications - DOH!
    • by kqs ( 1038910 )

      Demonstration the necessity of stripping all debug information before shipping the applications - DOH!

      That would be step 1, sure, but the more important things would be:
      * Stop putting access functions for internal APIs in public clients.
      * Don't allow access to internal APIs from externally.
      * Don't allow access to internal APIs without proper credentials.

      This is a sign of completely screwed up security and programming. I don't care if this is porn, IoT, finance, or anything else: this is a sign of many deeper problems.

      • by mentil ( 1748130 )

        I don't care if this is porn, IoT, finance, or anything else: this is a sign of many deeper problems.

        Not to worry, porn is ALL ABOUT solving 'deeper' problems.

  • Somebody has failed to deserve a spanking......

Duct tape is like the force. It has a light side, and a dark side, and it holds the universe together ... -- Carl Zwanzig

Working...