cam4, one of the Internets less desirable websites and services for most of us who use the internet daily.  However that doesn't stop it being one of the most popular adult cam sites where people can stream live sexual based content from their own device via webcams and obtain points/credits which can be then sold off for real money.

Recently CTRLBOX discovered a cache accessible via IP only with no DNS associated with it, it really looked like just another boring open directory with troves of folders, that is until you dig deep and find the files with names like "cam4.3286105159.snap".

cam4 cache snap shots

Because attribution of ownership is very important CTRLBOX set out to make sure that the owners of this are actually aware of what is happening and making sure cam4 was the true owner of the files was fairly easy.  After conducting a whois on the IP address that was leaking the files it became clear almost instantly that cam4 owned this, the IP was registered to mojohost.com and in the DNS contact information was a link to Surecom Corporation who is the registered owner of the cam4 trademark.

After various attempts to contact cam4 via email and contact form i attempted from twitter, first the official cam4 twitter account who straight up told me to email them because they are just social media person with no contact to IT/security. I then tried cam4support on twitter who took a week or so to reply to me on twitter only to tell me to email cam4, which had already been done various times.

The caches contain a huge amount of files, with a total estimate some where between 6-6.5 Billion in total. The contents of the cached images vary a lot and is pretty disgusting to say the least which makes this a worry that it is not locked down so it can not be stumbled on so easy by underage persons.