The leaked data includes photographs and scans of passports, drivers’ licences, credit cards, release forms (contracts), social security numbers, national identification cards and handwritten bios, among other information, according to a report from vpnMentor.

The source of the leaks is PussyCash, an adult affiliate network, the firm wrote in the report. The adult site, including a site known as ImLive, says it has 66 million members. PussyCash hosts affiliate programs for multiple adult sites, paying webmasters for traffic sent to the sites through banners and exit traffic.

The data leaked was from a so-called S3 Bucket, a Virginia-based Amazon server folder with 19.95GB of visible data, vpnMentor said.

“This leak has exposed the personal data and likeness of over 4000 models among more than 875,000 files,” vpnMentor wrote, adding the leak “represents a potentially severe threat to those whose data has been exposed. It has many implications, all of which could very well ruin the lives of the models/actors involved.”

In a statement to Fox News, PussyCash said “privacy and the protection of user data is a top priority and concern for us. For this reason, we acted promptly and removed public access to the open folder as soon as vpnMentor … alerted us to this fact”.

Fox News confirmed with vpnMentor via email that the breach was closed the same day they shared the URL of the folder. “It must be emphasised that no information was leaked, with the exception of vpnMentor,” the cybersecurity firm said. “We are certain that they will not use it for any purpose.”

PussyCash claims the folder in question is from 2013, noting “the information included in the folder contains no information of any performers or members of any website promoted by PussyCash.com, including ImLive.com”.

The breach was discovered as part of a web mapping project, vpnMentor stated. “Our researchers use port scanning to examine particular IP blocks and test open holes in systems for weaknesses,” vpnMentor said in a statement.

In these cases, vpnMentor alerts the company to the breach and, if possible, those affected by the breach.

The cybersecurity company was able to access PussyCash’s S3 bucket because it was “completely unsecured and unencrypted. Using a web browser, the team could access all files hosted on the database.”

This article originally appeared on Fox News and was reproduced with permission