GayHoopla Hack Exposes Thousands Of Members’ Personal Data
If the site’s homophobic models weren’t enough to deter you from joining GayHoopla, maybe having your private details exposed is? According to a hacker named “GP Whitehat,” records with personal information—including real names, passwords, IP addresses, and home addresses—for 13,000 past and present GayHoopla members were easily exposed thanks to the site’s poor security. When the hacker attempted to inform GayHoopla owners—including La El, a.k.a. Landon, above—of the security issue, they blew him off (pun not intended).
“When I alerted the sites of their massive security issues, the owners just ignored me. I thought they would take it more seriously if I showed them the data. Unfortunately, that didn’t work either; they just sent me weird threats,” the hacker, who used the handle GP Whitehat, told Motherboard in an encrypted email.
The sites are HotGuysFuck.com and GayHoopla.com. They are both owned by the same company, Blurred Media LLC.
The hacker provided a sample of the data for verification purposes. It included email addresses, user names, plain text passwords, and IP addresses. Motherboard spoke to several users of the sites, one of whom confirmed his password.
GP Whitehat also brought this story to Str8UpGayPorn, and in working to confirm what he was alleging, I asked how easy it was for him to access members’ personal data.
“It’s available to anyone with a moderate understanding of computer security,” he explained. “Sites collecting such info should absolutely not have issues like this. It is only a matter of time before someone dumps the full database on the internet like [what] happened to Ashley Madison.”
In his correspondence with Str8UpGayPorn, GP Whitehat made clear that his only intent was to expose GayHoopla’s security issues, not GayHoopla’s members’ information.
“Stupid people with shit technical ability should not have the private info of thousands of gay people, a group that continues to face harassment and discrimination in many parts of the US and the world,” GP Whitehat told Str8UpGayPorn.
The GayHoopla owners did acknowledge the hack to Motherboard, but they went on to accuse the hacker of being a former GayHoopla associate with “malicious intentions.”
“This individual has refused to identify himself to us or discuss how or even why he has attacked us. He has admitted to stealing our private property, has issued threats against us personally and our business, has vandalized a part of the website, and has used the stolen property in an attempt to damage our business,” the [GayHoopla] representative continued.
Even if all of that is true, so what? None of it would’ve happened if their site was secure.
Note: An earlier version of this article included a gif that did not feature the current GayHoopla watermark. After this article was published, GayHoopla emailed Stra8UpGayPorn requesting that the gif be taken down. The gif—which is still viewable here on Tumblr—has been removed and replaced with a watermarked image above.