Andrew Tate’s Real World website compromised, data stolen

The website of self-proclaimed misogynist and alleged sex trafficker and rapist Andrew Tate has been compromised and data on its paying subscribers stolen.

His now-ransacked Real World site is where the antagonistic online influencer preaches eyebrow-raising life advice primarily to young disillusioned men.

The British-American ex-kickboxer charges subscribers $50 a month with a promise to help make them wealthier, fitter, and more masculine. The site is said to have more than 113,000 active users, and the guy himself has accumulated millions of followers on various social networks, some of which he has been banned and unbanned from.

Intruders said they copied the contents of Real World’s 221 public and 395 private chat servers, as well as 794,000 of its usernames for current and former members plus a list of 324,382 registered email addresses. This info has apparently been sent to the security breach notification service at Have I Been Pwned and the leak site DDoSecrets.

The self-styled hacktivists also spammed Real World’s chat rooms with LGBTQ+ related emojis – owing to Tate’s views on gender and sexuality – and told the Daily Dot his site was “hilariously insecure.” An unpatched flaw allowed them “to upload emojis, delete attachments, crash everyone’s clients, and temporarily ban people.”

The cyberattack unfolded while Tate was livestreaming from his home in Romania, where he remains under house arrest. The 37-year-old is facing trial on charges of rape, human trafficking, and forming an organised crime ring to sexually exploit women. He denies any wrongdoing. An appeals court this week ruled some evidence was inadmissible, giving prosecutors days to respond.

During the data heist on Thursday, the intruders spammed the main message board with pride icons, pro-trans imagery, and AI-generated images of Tate draped in a rainbow flag.

This comes after the Real World was found to have left an 88GB MongoDB instance unprotected online containing records on 968,447 user accounts, thus exposing user IDs, email addresses, encrypted passwords, verification statuses, account recovery codes, password expiration dates, and reset tokens.

The Real World had no response at the time of publication. ®