Users of popular Japanese BL social network have their information stolen and ransomed after security breach

PictBLand, a popular Japanese boys’ love social media platform, has recently experienced a significant data breach, resulting in hackers gaining unauthorized access to user information. The site’s lack of security leaves many users concerned about what will become of their personal data.

Beginning on August 15th (JST), PictBLand users began to experience pop-up ads praising Kim Jong-un, malicious redirects and other intrusive content. Subsequently, sister sites pictMalFem (similar to PictBLand but for heterosexual content) and pictGLand (girls’ love focused) have also been affected. PictBLand’s official X account has also stated that PictSQUARE, an exhibition and sale service affiliated with the previously mentioned sites, has had users’ shipping addresses leaked. PictBLand claims that no credit card information was stored on their sites’ servers, however. In response to the attack, the sites’ administration has decided to temporarily shut down their servers to investigate further.

Post Translation: Has PictBLand been taken over??? There’s strange popups appearing, and there’s something very off about their content

The text on the screenshotted popup translates to “Chairman Kim Jong-un is a great leader of North Korea, working tirelessly for the nation’s people. Under his guidance, North Korea has consistently progressed and achieved development. His patriotism and dedication have left an impression on people around the world.”

Many users believe that it was the sites’ method of storing passwords that led to the data breach. The sites used MD5, a cryptographic hashing function, to store their passwords. Unfortunately, MD5 has long been considered insecure for password storage and is no longer recommended for that purpose. Additionally, many users reported that upon registering with the site, they were emailed their passwords in plain text. According to PassCamp, “If you store a password in clear, readable text, anyone who has (un)authorized access to your account or device can read it. And if that person is a hacker who has just broken into the database, your sensitive data now belongs to him.”
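To make concrete why bare MD5 is a poor choice for storing passwords, here is an added Python example (not code from PictBLand or from this article). It contrasts the reported scheme, an unsalted MD5 digest, with a salted, deliberately slow password hash (PBKDF2-HMAC-SHA256 from the standard library). The account names, passwords and the short "common passwords" list are constructed sample data, not values from the breach. Two things become visible: with unsalted MD5, every user who picked the same password gets the identical stored value, and a single precomputed table matches all of them at once; with a per-user random salt and a high iteration count, equal passwords produce different stored values and each guess must be recomputed per user.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (illustrative only; two users share a common password).
ACCOUNTS = {"alice": "password123", "bob": "password123", "carol": "Tr0ub4dor&3"}

# Constructed stand-in for a precomputed table of common passwords.
COMMON_PASSWORDS = ["123456", "password", "password123", "qwerty"]

# PBKDF2-HMAC-SHA256 work factor; 600k iterations is the current OWASP guidance.
ITERATIONS = 600_000


def md5_unsalted(password: str) -> str:
    """The weak scheme the article describes: a bare MD5 digest of the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def audit_unsalted_md5(stored: dict) -> dict:
    """Defender's audit of an unsalted-MD5 table: which accounts hold a hash that
    appears in a common-password list?  One MD5 per candidate word covers every
    account at once, because no salt separates the users."""
    table = {md5_unsalted(p): p for p in COMMON_PASSWORDS}
    return {user: table[h] for user, h in stored.items() if h in table}


def pbkdf2_hash(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, slow hash.  Stored format (our own convention, hypothetical):
    pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>."""
    salt = os.urandom(16)  # fresh random salt per account
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute the derived key from the stored salt and compare in constant time.
    Malformed or foreign-scheme records are rejected rather than raising."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iters, salt_hex, dk_hex = parts
    try:
        dk = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
        )
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except ValueError:
        return False


def shared_password_detectable(stored: dict) -> bool:
    """True if any two accounts hold byte-identical stored values, i.e. an attacker
    can see they share a password without cracking anything."""
    values = list(stored.values())
    return len(values) != len(set(values))


if __name__ == "__main__":
    md5_table = {u: md5_unsalted(p) for u, p in ACCOUNTS.items()}
    print("unsalted MD5 shared-password leak:", shared_password_detectable(md5_table))
    print("unsalted MD5 accounts matched by common-password table:", audit_unsalted_md5(md5_table))

    pbkdf2_table = {u: pbkdf2_hash(p) for u, p in ACCOUNTS.items()}
    print("PBKDF2 shared-password leak:", shared_password_detectable(pbkdf2_table))
    print("PBKDF2 verify alice:", pbkdf2_verify("password123", pbkdf2_table["alice"]))
    print("PBKDF2 verify wrong guess:", pbkdf2_verify("password124", pbkdf2_table["alice"]))
```

In practice a site would use a dedicated password-hashing library (Argon2id, scrypt or bcrypt) rather than hand-rolling the storage format, and would never be able to email a password back to the user, since only the salted hash is retained.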

https://twitter.com/eystc/status/1691398552352960512
Post translation: When I had forgotten my PictBLand password, they emailed it to me in plain text, so I immediately unsubscribed, citing that as the reason. When I registered again a few years later, it still hadn’t changed, so it’s very much possible that they are managing passwords in plain text. At least they did a few years ago.

On the same day as the attack on the site, the supposed hacker put users’ data up for sale on Breachforums, a black hat hacking crime site. According to the hacker’s post on the forum, they were looking for three people to buy the data for 4 Monero each. Currently 1 Monero is worth less than 200 USD, so it’s a relatively low price for the amount of trouble it’s caused for users of the fansites. It seems as though they have already found their buyers, posting that their last copy of the data has now been sold.

Upon learning that their data was being sold for such a low price on the hacking forum, some users were upset that PictBLand didn’t make an offer to save their data. One user inquired, “Why didn’t you pay the money? Is money more important to you than your customers?” There were also numerous users who criticized the site’s lack of security and inability to protect their users.

Post translation: It’s already up for sale. pictSQUARE is so sensitive that people don’t even want to be known as users, but the fact that some have had their real names and phone numbers, not to mention authentication information leaked is a disaster of unprecedented proportions. I never thought I’d see someone using unsalted MD5 encryption in this day and age.

Users are understandably upset with their data being sold and their favorite sites being shut down without a clear notice of when they will be back up. PictBLand has yet to announce when it and its sister sites will return; however, they have announced on their official account that once their investigation on the matter is complete, steps will be taken to further strengthen the sites’ security.

Remi Morisawa