A French personal torrent neighborhood referred to as World in HD (WiHD) inadvertently uncovered delicate consumer information to the broader web.
Analysis by Cybernews found an unprotected database utilizing Elasticsearch. The database, the researchers mentioned, contained consumer emails, IP addresses, service data, usernames and hashed passwords of each discussion board customers and directors.
Virtually 100,000 folks have had their information uncovered on this approach. Torrents are a method to share giant recordsdata over the Web, and whereas they aren’t unlawful by design, many individuals use them to share pirated content material, reminiscent of motion pictures and TV exhibits, music, video games, cracked software program, and extra. Due to this fact, having personally identifiable data disclosed on this approach doubtlessly exposes these people to legal prices.
Extortion of customers
Most torrent websites, such because the well-known Pirate Bay, advocate the usage of VPN when downloading issues by way of torrents, so it is protected to imagine that almost all customers created pretend e mail addresses and used IP spoofing- software program to stay hidden.
WiHD is a well-liked video torrent neighborhood that focuses on content material in French and English and tries to take care of excessive requirements. Members have entry to high-definition TV exhibits, animations and different content material. It’s reportedly comparatively troublesome to change into a member, as some folks had been noticed promoting their invites for greater than $100.
“Risk actors can interact in varied unlawful actions, reminiscent of monitoring and figuring out customers for authorized penalties, launching focused phishing assaults or doubtlessly revealing customers’ obtain habits, elevating privateness and authorized considerations for affected people,” researchers mentioned.
It’s unknown if any risk actors (or legislation enforcement, for that matter) found this database earlier than Cybernews did. It is usually unknown if WiHD was notified of the invention prematurely or in the event that they managed to lock down the database within the meantime.