GP Whitehat sent me a link to an article where he talked about the vulnerabilities of Gay Hoopla & its sister site Hot Guys Fuck. The cause of concern was that user data were compromised: "When I alerted the sites of their massive security issues, the owners just ignored me. I thought they would take it more seriously if I showed them the data. Unfortunately, that didn't work either; they just sent me weird threats."
The response of Gay Hoopla:
We're quite sure it's an ex-programmer who we sued & got a judgement from in 2014 (so many little details pointing to it). When he was hired to build a chat client, he had direct access to our server. We've hired an IT security specialist since his first email to us and they've confirmed to us the box is now secure. It's still a fluid situation and we don't want to get too specific, we're still moving systems entirely & working closely with an IT security consultant to do this as gracefully as possible. He never had access to any financial data because we ourselves don't collect or store that info. That is what 3rd party billers do and their systems are entirely separate from ours. The join forms for the sites do not even collect peoples' home addresses.
This guy is a bad actor & full of shit. What he originally emailed us asking for in compensation to "fix bugs" he himself left on site, was complete bullshit & he knew it. He wanted raw footage, scouting info like 2257's of our models, etc... We'd never give that to anyone. I even invited him to come watch a shoot live and he declined. This guy won't even identify himself...
Total set up and he's getting a major kick out of it. Lesson... don't hire a freelance programmer who wasn't recommended to you that has access to sensitive information.
UPDATE: The response of GP Whitehat to Gay Hoopla's statement:
The site owners still haven't fixed any of the problems exposing the personal information of thousands of mostly gay men or properly disclosed this breach as required by law. Instead they have spent weeks ignoring the problems, spinning their incompetence, and hassling sites for using their old watermark.
I have never been a contractor, employee, fellow pokemon gym member or anything else with the owners of these sites. Before this I knew basically nothing about them. Now I know a lot, and I can tell you they are two of the biggest dumbfucks I have ever encountered.
When it was clear they had no intention of taking this seriously, I brought the story to an experienced journalist at Vice Media's Motherboard site. I chose him because the story required a specialized skill set: the secure and responsible verification of a major website security breach. He verified the breach, and Vice / Motherboard published the story.
If I were just some disgruntled bloke lashing out, I could do a lot worse than this. The personal information about the site owners contained in this breach is endless, and most of the things they claim I want I already have. You could fill your blog for a year exclusively with stories from this stuff. I am showing enormous restraint.
Also: what? They sued a contractor in 2014 for work on their site and kept the site up collecting sensitive personal information? I don't know whether to laugh or cry. I briefly tried finding whatever lawsuit they are referring to but couldn't. If someone else can find it, they should see what that is all about because it sounds like a whole other scandal.
Bottom line: these guys need to fix their sites because they are putting gay men at risk. Gay men in backward towns. Gay men in repressive countries. Thousands and thousands of them.