The names of almost 800,000 registered users of porn site Brazzers have been exposed in a data breach.
The account details were taken from forums associated with the site on which porn fans discuss favourite scenes and performers.
It is thought that attackers stole data by exploiting vulnerabilities in the vBulletin software used to run the chat forum.
Brazzers said it had taken measures to limit fraudulent use of login names.
'Intimate thoughts'
News website Motherboard said the information about Brazzers users was passed to it by Vigilante.pw which monitors breaches. The dump of data includes email addresses, user names and clear text passwords.
The data was taken from the Brazzersforum site that was set up for users but it appears that many people who signed up for the chat forums used the same credentials on the main porn site. The data was stolen in 2013 but has only now come to light.
Security researcher Troy Hunt confirmed that the data in the dump was accurate by checking some of the details via the database of stolen credentials he maintains.
Mr Hunt told Motherboard that the release of the data was potentially more embarrassing than just knowing someone was a member of a porn site because it exposed users' conversations.
"Problem with a hack like that is it's a forum," he said. "Worse than just adult website creds, this is what people were talking and fantasising about."
In a statement, Brazzers confirmed that the breach occurred via the vBulletin software used to keep the forum running.
Mr Hunt said the widely used vBulletin software was often not kept up to date by forum administrators leaving sites vulnerable to attack. Several recent breaches had all been traced back to vBulletin, he added.
Brazzers said it had taken "corrective measures" to protect users and stop credentials being re-used.
