Users of popular Japanese BL social network have their information stolen and ransomed after security breach
PictBLand, a popular Japanese boys’ love social media platform, has recently experienced a significant data breach, resulting in hackers gaining unauthorized access to user information. The site’s lack of security leaves many users concerned about what will become of their personal data.
Beginning on August 15th (JST), PictBLand users began to experience pop-up ads praising Kim Jong-un, malicious redirects and other intrusive content. Subsequently, sister sites pictMalFem (similar to PictBLand but for heterosexual content) and pictGLand (girls’ love focused) have also been affected. PictBLand’s official X account has also stated that PictSQUARE, an exhibition and sale service affiliated with the previously mentioned sites, has had users’ shipping addresses leaked. PictBLand claims that no credit card information was stored on their sites’ servers, however. In response to the attack, the sites’ administration has decided to temporarily shut down their servers to investigate further.
The text on the screenshotted popup translates to “Chairman Kim Jong-un is a great leader of North Korea, working tirelessly for the nation’s people. Under his guidance, North Korea has consistently progressed and achieved development. His patriotism and dedication have left an impression on people around the world.”
Many users believe that it was the sites’ method of storing passwords that led to the data breach. The sites used MD5, a cryptographic hash function, to store their passwords. Unfortunately, MD5 has long been considered insecure for password storage and is no longer recommended for that purpose. Additionally, many users reported that upon registering with the site, they were emailed their passwords in plain text. According to PassCamp, “If you store a password in clear, readable text, anyone who has (un)authorized access to your account or device can read it. And if that person is a hacker who has just broken into the database, your sensitive data now belongs to him.”
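To illustrate why the storage method matters, here is an added example (not PictBLand’s code; the sites’ actual implementation is not public) contrasting a bare MD5 digest with a salted, deliberately slow hash. With unsalted MD5, two users who chose the same password get the same stored value, so a leaked table exposes shared passwords at a glance; the hardened record uses a random per-user salt and scrypt, and is verified with a constant-time comparison. The scrypt parameters are assumed defaults, not values from the page.

```python
import hashlib
import hmac
import os
from typing import Optional

# Legacy scheme as described in the article: an unsalted MD5 digest of the password.
# Identical passwords produce identical digests, and MD5 is cheap to compute,
# so a stolen table gives away far more than a properly hashed one would.
def legacy_md5_record(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# Hardened scheme (an assumed replacement, not the site's actual fix): random
# per-user salt plus scrypt, a memory-hard hash designed for password storage.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1  # assumed parameters

def hardened_record(password: str, salt: Optional[bytes] = None) -> str:
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    # The parameters travel with the record so they can be raised later
    # without invalidating existing accounts.
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"

def verify_hardened(password: str, record: str) -> bool:
    parts = record.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return False  # legacy or malformed record, never accept it
    _, n, r, p, salt_hex, digest_hex = parts
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                               n=int(n), r=int(r), p=int(p), dklen=32)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def duplicate_password_visible(records) -> bool:
    """True if the stored records alone reveal that two users share a password."""
    return len(set(records)) < len(records)

if __name__ == "__main__":
    # Constructed sample: two users who happened to pick the same password.
    users = {"user_a": "correct horse", "user_b": "correct horse"}
    legacy = [legacy_md5_record(pw) for pw in users.values()]
    hardened = [hardened_record(pw) for pw in users.values()]
    print("legacy table reveals shared password:", duplicate_password_visible(legacy))
    print("hardened table reveals shared password:", duplicate_password_visible(hardened))
    print("login check:", verify_hardened("correct horse", hardened[0]))
```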
On the same day as the attack on the site, the supposed hacker put users’ data up for sale on Breachforums, a black hat hacking crime site. According to the hacker’s post on the forum, they were looking for three people to buy the data for 4 Monero each. Currently 1 Monero is worth less than 200 USD, so it’s a relatively low price for the amount of trouble it’s caused for users of the fansites. It seems as though they have already found their buyers, posting that their last copy of the data has now been sold.
Upon learning that their data was being sold for such a low price on the hacking forum, some users were upset that PictBLand didn’t make an offer to save their data. One user inquired, “Why didn’t you pay the money? Is money more important to you than your customers?” There were also numerous users who criticized the site’s lack of security and inability to protect their users.
Users are understandably upset with their data being sold and their favorite sites being shut down without a clear notice of when they will be back up. PictBLand has yet to announce when it and its sister sites will return; however, they have announced on their official account that once their investigation into the matter is complete, steps will be taken to further strengthen the sites’ security.