Security press release

Several media sources have recently revealed a data security breach in our websites.

In the first place, we would like to confirm that the incident has already been solved. We have always been compliant with the EU General Data Protection Regulation, so we have consequently followed the recommended protocols for this kind of situations.

Hereby, we would like to give further information of  the incident, clarify the episode and elaborate on the steps we have taken in our users’ interest:

  • 100% of the information in our websites’ database is stored in encrypted format and is not accessible to any third party.
  • All the payment information is totally secure. The card payments are processed by an external specialized provider, which for security reasons will only provide us with partial data on the card number and the card name, which can NOT be used to make payments.
  • As a measure of precaution, we have already got in touch with all the affected users via email, and some of them have already been requested to change their password in order to log in again. They can at any time get in touch with our support team, who will answer any further questions with regards to the incident.
  • The exposed data consists of technical logs which are automatically erased and are only used with control purposes, as well as to ensure the quality of our service and to solve any kind of requests from our users.
  • These logs might contain certain sensitive data, as some users public such information in their chats.
  • The potential number of accounts included in these logs might go up to approximately 330.000 users. Their potentially exposed information might be their email address, their IP address and their user agent (but NOT their passwords).
  • The security breach on these technical logs lasted from 24/05/2019 to 04/09/2019.
  • Due to a technical malfunction we used several temporary servers to store technical logs. We added the required firewall and provider’s protection policies to those servers, but these policies were never fully implemented due to a failure which we are currently investigating.
  • As it was just a temporary server with technical logs, we just opted for shutting it down and putting it out of use.
  • No main database has been jeopardized, only those temporary technical logs, and just by a data security company who discovered the brech.
  • These logs were not used, are not used and will never be used for any kind of behavior analysis or profiling, although they contain technical information on activities performed by the users, such as the purchase of videos, which could theoretically be used for such purposes. Our company, however, has never done that and will never do that.
  • We have found sensitive data (such as contact details, ID number, private chats with private information…) of a very reduced number of camgirls (0,46%) and users (0,54%). They have already been reached in private. 

As of today, and to the best of our knowledge, only the data security company that discovered the breach (and their associates) have accessed those technical logs.

We would like to thank Conditon:Black for informing us of the breach. We have already taken all the necessary steps to prevent such incidents from happening in the future.

According to the General Data Protection Regulation, we have already reported the incident to the Spanish Data Protection Agency (AEPD) in the interest of all our users.

In case of any doubt or in need of any further information, please write to the following email account: privacy@vtsmedia.com