Naughty America 2016 Data Breach
ObscureIQ Breach Intelligence
High SeverityWebsite / service breach
Naughty America Adult Entertainment Platform Breach (2016): 1.3 Million Subscriber Accounts Including DOB & Website Activity Exposed
Naughty America is a major adult entertainment brand producing and distributing professional video content. The platform operates on a subscription-based model, granting users access to a large catalog of studio-produced material. User accounts are tied to payment systems, viewing history, and content preferences. // Exposed data includes Email;Dates of birth, Email, IP addresses, Passwords, Usernames, Website activity. High sensitivity. Elevated risk of extortion, reputational damage, and identity linkage.
Verified by ObscureIQ Intelligence
65/100Breach Risk Index
25Data Value
25Market Recency
419dSince Breach
Breach Intelligence Summary
Entity: Naughty America · Actor: Peace · Sources: 7 references
Attack: Unknown
Profile: Company · Premium adult video production and distribution · Subscription-based streaming platform · Global
Timeline: Breach (2016-03-14) · Indexed (Mar 04, 2025) · Year (2016)
Exposure: 1.3M records · 6 fields: Activity History, Date of Birth, Email Address, IP Address, Password, Username
Status: Confirmed
Executive Summary
Naughty America, a major adult-entertainment subscription platform operated by La Touraine, Inc., suffered a data breach disclosed in spring 2016. A threat actor using the alias Peace advertised the stolen database for sale on the dark-web market The Real Deal at a price of approximately $300, an unusually low valuation for a multi-million-record dataset.\n\nThe threat actor claimed approximately 3.8 million user accounts were compromised across Naughty America and affiliated platforms including the gay-content site Suite703 and related community forums. Have I Been Pwned subsequently indexed approximately 1.4 million unique email addresses from the dataset. Exposed fields included usernames, email addresses, dates of birth, IP addresses, passwords stored largely as MD5 hashes, and website activity records covering subscription and content interaction. No financial-account data has been publicly tied to the leak.\n\nFor affected individuals, the practical risk extends well beyond standard credential exposure. The combination of email, date of birth, and account activity records creates a base for blackmail, extortion, and reputational harm tied to documented adult-platform participation. Anyone who used Naughty America or any of its affiliated sites should not respond to unsolicited extortion or blackmail attempts referencing the breach. Such messages are typically mass-targeted and rely on victims paying out of fear. Law enforcement and victim-support resources are the appropriate first point of contact rather than the sender of any such message. Customers should also rotate passwords on any service where the same credentials were reused.
ObscureIQ assessment: Very high sensitivity. Exposure enables extortion, reputational harm, harassment, and identity linkage tied to adult-content participation. Payment-linked records can make blackmail attempts more credible.
Breach Impact
Direct institutional cost to Naughty America from the 2016 incident has been limited. There is no public record of substantial regulatory action, class-action settlement, or large-scale customer-notification campaign tied specifically to the breach. The company's privacy policy, which did not commit to deleting user data on subscription cancellation, drew critical press attention at the time of the disclosure. The lasting impact has been reputational and operational, with Naughty America cited alongside Adult FriendFinder and Ashley Madison as a reference incident in industry discussion of adult-platform privacy. The fact that the data was offered for sale at unusually low cost reflected weak market valuation of the records.
About Naughty America
Naughty America is a major adult-entertainment brand operated by La Touraine, Inc., based in San Diego, California. The company produces and distributes professional adult video content through a subscription-based streaming platform and a network of affiliated sites that share account infrastructure. User accounts are tied to payment processing, viewing history, content preferences, and forum activity. The platform serves a global audience and has operated continuously since the early 2000s. Affiliated brands historically associated with the same account systems include the gay-content site Suite703 and various community forums.
Why They Hold Your Data
Subscription adult-content platforms collect highly sensitive account data, emails, usernames, payment-adjacent records, and viewing or subscription activity tied to explicit-content access.
Recent Developments
Naughty America has continued to operate as an adult-content publisher since the 2016 breach. The company has not been publicly tied to a further major data breach disclosure. The 2016 dataset has periodically resurfaced on dark-web markets and breach-tracking aggregators, with the public-facing record updated by HIBP and DataBreach.com in 2025 as part of broader indexing of legacy adult-platform leaks. The wider adult-platform sector has continued to draw attention from researchers as one of the most consistently targeted categories for credential theft and extortion-driven attacks.
Data Points Exposed
6 verified field types
Activity History
Date of Birth High
Email Address
IP Address
Password Critical
Username
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:High
Primary downstream threats:
- Credential stuffing against reused passwords across other platforms
- Targeted phishing campaigns using exposed email addresses
Threat vectors:
- Behavioural profiling & blackmail
- Identity verification bypass
- Phishing, credential stuffing & account takeover
- Geolocation & account flagging
- Credential stuffing & account takeover
- Cross-platform tracking & credential stuffing
Threat Actor: Peace
Peace
Unknown
Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.
Recommended Actions
If you believe your information may be included:
Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the Naughty America breach?▾
Naughty America, a major adult-entertainment subscription platform operated by La Touraine, Inc., suffered a data breach disclosed in spring 2016. A threat actor using the alias Peace advertised the stolen database for sale on the dark-web market The Real Deal at a price of approximately $300, an…
What data was exposed?▾
Verified fields include Activity History, Date of Birth, Email Address, IP Address, Password, Username.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
Breach Index
Cross-source
9ghz
Cross-source
BreachForums_Official_Index
Cross-source
DataViper.io
Cross-source
Hashes.org
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation