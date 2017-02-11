An EEOC filing with detailed sexual harassment charges against Hustler’s parent company was among hundreds of Hustler legal documents. Redacted by NBC News.

In addition, a number of California-based law firms were affected in the breach, with papers related to immigration and lawsuits against powerhouse Hollywood studios among those leaked.

Mackeeper said the PIP breach can be attributed to a misconfigured “rsync” backup system — such vulnerabilities occur all-too frequently.

Over the past year, Mackeeper’s security research team has discovered a number of leaks occurring through misconfigured rsync protocols including — but hardly limited to —

footage of an inmate’s death in a California jail, an exposed system at a North Carolina Emergency Medical Services department, and 11 gigabytes of sensitive data regarding Pentagon employees with the Special Operations Command.

Those discoveries weren’t even listed in a year-end tally published by the blog IT Governance, which estimated at least

3.1 billion records leaked in 2016 alone through various breaches and hacking attacks.

Mackeeper’s team — comprised of Diachenko, Chris Vickery and Jeremiah Fowler — spends about three hours each day scanning the internet for security faults using Shodan, a search engine that allows users to examine all internet-connected devices.

Diachenko said Mackeeper made multiple attempts to notify PIP’s parent company, Franchise Services, without initial success.

“We try to identify the owner of the database/device and immediately report it to them,” Diachenko said of Mackeeper’s “responsible disclosure” policy. “Sometimes it takes weeks, sometimes — just a couple of minutes. Sometimes we got threats instead of a ‘thank you,’ so it is a challenging task.”

Initial suspicion aimed at security researchers usually comes from companies who often don’t understand that their data breach occurs within the system, not through hacking or any kind of outside attack.

Luckily, experts say, not many people have the computer literacy needed to stumble across such security faults — and so-called “white hats” like Diachenko hope that by routinely searching for them, they’ll get to the leaks before data thieves do.

“Accessing rsync is almost as simple as accessing an ftp,” Diachenko said in an email. “This is not an average user skill, but I would estimate that 1 of 10 users can do it. Thankfully, this number is not big enough, so we can responsibly disclose those breaches before they are affected by malicious actors.”