A major private torrent community appaears to have inadvertently exposed sensitive user data to the wider internet.
Research from Cybernews discovered an unprotected database using Elasticsearch belonging to French service World in HD (WiHD).
The database, the researchers said, contained user emails, IP addresses, service information, usernames, and hashed passwords, for both forum users and administrators, with almost 100,000 people thought to have had their data exposed this way.
WiHD user blackmail
Torrents are a way to share big files over the internet, and while they’re not illegal by design, a lot of people use them to share pirated content, such as movies and series, music, games, cracked software, and more. Therefore, having personally identifiable information exposed this way also potentially exposes these people to criminal charges.
Most torrent sites, such as the famed Pirate Bay, advocate the use of VPN when downloading things via torrents, so it’s safe to assume that most users created fake email addresses and used IP spoofing software to remain hidden.
WiHD is a popular video torrent community that specializes in content in French and English languages and tries to maintain high standards. The members have access to high-definition TV series, animations, and other content. Allegedly, becoming a member is relatively hard, as some people were observed selling their invites for more than $100.
“Threat actors could engage in various illicit activities, such as tracking and identifying users for legal repercussions, launching targeted phishing attacks, or potentially exposing users’ downloading habits, raising privacy and legal concerns for affected individuals,” researchers said.
It is unknown if any threat actors (or law enforcement, for that matter) discovered this database before Cybernews did. It is also unknown if WiHD was notified of the discovery beforehand, or if they managed to lock the database down in the meantime.
More from TechRadar Pro
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.