A French private torrent community called World in HD (WiHD) has inadvertently exposed sensitive user data to the wider internet.
Research of Cyber news discovered an unsecured database with Elasticsearch. The database contained user email addresses, IP addresses, service information, usernames and hashed passwords, for both forum users and administrators, according to the researchers.
Nearly 100,000 people have made their data public in this way. Torrents are a way to share large files over the Internet, and while they are not illegal, many people use them to share pirated content such as movies and series, music, games, cracked software and more. Disclosing personally identifiable information in this manner could also expose these people to criminal prosecution.
Blackmailing the users
Most torrent sites, like the famous Pirate Bay, advocate using VPN when downloading things via torrents, so it’s safe to assume that most users have created fake email addresses and run IP spoofing software used to stay hidden.
WiHD is a popular video torrent community that specializes in French and English language content and tries to maintain high standards. Members have access to high-definition TV series, animations and other content. Becoming a member is reportedly relatively difficult, as some people sold their invites for more than $100.
“Threat actors may engage in a variety of illegal activities, such as tracking and identifying users with legal implications, launching targeted phishing attacks, or potentially exposing users’ downloading habits, increasing privacy and legal concerns for affected individuals” , researchers said.
It is unknown whether threat actors (or law enforcement agencies) discovered this database before Cybernews did. It is also unknown whether WiHD was notified of the discovery in advance, or whether they managed to shut down the database in the meantime.