You are here
Home > Hacking > Hacker claims to have breached Pornhub, but Pornhub says it’s a hoax

Hacker claims to have breached Pornhub, but Pornhub says it’s a hoax


A 19-year-old hacker who goes by the name Revolver claims to have breached into Pornhub server and already sold the access for $1,000.

Just days after Pornhub announced a bug bounty program, a 19-year-old hacker claimed to have breach the site, and was selling access to others for $1,000.

The hacker and self-described “underground researcher” who goes by 1×0123 on Twitter shared to screenshots as proof of his hack into the Pornhub servers. The images purport to show 1×0123 was able to upload a shell through which he could issue commands on Pornhub’s server.×0123/status/731622179922706432×0123/status/731625184457818113

1×0123 claimed on Twitter to have exploited a vulnerability in the user profile script that handles image uploads. He was able to upload a shell through the exploit, which allowed him to browse the server and inject commands. He offered anyone access through the hole in the server for $1,000.

Selling access served as a slight to Pornhub, which recently launched a bug bounty program designed to invite hackers to search the site for vulnerabilities and offered cash rewards for finding them. Pornhub offers between $50 and $25,000 to hackers and bug seekers who report potential problems on the site.

1×0123 decided to forgo the bounty program and try to generate cash—likely less than would be offered from the bounty program—through the exploit, stating on Twitter, “i don’t report vulnerabilities anymore go underground or go away #FuckBugBounty.”×0123/status/731627800814321664

Motherboard reported 1×0123’s disdain for bug bounty programs comes from previous bad experiences. According to the hacker, he has reported previously bugs and received no reply—and no payment—from companies.

Others have levied similar complaints about bug bounty programs in the past; after Uber launched its bug-squashing initiative earlier this year through HackerOne—the same platform Pornhub uses for its program—users claimedthat Uber changed the scope of what they were looking for, essentially disqualifying the bugs found after they were reported.

1×0123 has a history as a noteworthy hacker, and was behind a similar attack on the Los Angeles Times earlier this year, and was recently thanked on Twitter by Edward Snowden after reporting a vulnerability in open-source analytics platform Piwikto the Freedom of the Press Foundation.

Despite 1×0123’s reputable history, Pornhub has essentially denied that he ever had access to its servers.

“The Pornhub team investigated the claim from the hacker named 1×0123. Our investigation proved that while those screenshot might look realistic to people without knowledge of the underlying infrastructure, the attack as described by the hacker is not technically possible,” a spokesperson for Pornhub told the Daily Dot. “This incident was merely a hoax and no Pornhub systems were breached during those recent events.”

Here is reply by 1×0123 to Pornhub:×0123/status/732359521100660736

Jay Prakash Kumar
If you have come this far, it means that you liked what you are reading. Why not reach little more and connect with me directly on Facebook or Twitter. Jay Prakash is a founder of Professional Hacker, Technical Writer, Software Developer, Security Analyst and Technology Enthusiast with a keen eye on the Cyber-world and other technology-related developments.