Users of a shady porn site that posts 'upskirt' pictures of women could have their dirty secrets exposed.

Personal details of 180,000 users of The Candid Board have been uploaded to the internet after a security breach, along with details of their time of last login.

Among the details were 68 military accounts and 19 government email addresses, suggesting that UK civil servants have been visiting the porn site.

The personal details include usernames, hashed-out passwords, dates of birth, IP address and browsing history.

Advertisement

They were leaked by an anonymous source to International Business Times, and were reportedly obtained from September 2015.

The Candid Board charges its users $19.99 a month for a subscription, and provides pictures taken up women's skirts - often without the subject's knowledge.

A New York-based cloud hosting provider called Webair was managing the details at the time of the hack, which targeted a "misconfigured database."

The source told IBTimes: "I decided to contact the hosting company Webair.

"When I described the issue to the support on the other side, he immediately understood what the problem was.

"It was almost as if they were aware of the problems in their system."

Since then, HaveIBeenPwned, a breach notification website, has uploaded the data to its service, but it will only be discoverable by verified owners.

Troy Hunt, who manages HaveIBeenPwned, told IBTimes: "It's amazing how much personal data people will entrust sites of this nature with.

"Members provided accurate email addresses and birthdates which combined with their IP address now very clearly ties them back to a site of very questionable legal status."

In an FAQ, the website states: "We do not want to limit people by a narrow definition of what is and what is not "candid".

"Basically anything un-posed and non-professional is allowed as long as no board rules are broken."

This is not the first time that details have been leaked from a porn site.

In September, the names of nearly 800,000 users of Brazzers were leaked online.

While the stolen data relates to login details for the Brazzers forum rather than the main site, it is thought that many users have duplicated their passwords across both.