A French private torrent community called World in HD (WiHD) inadvertently exposed sensitive user data to the wider internet.
Research from Cybernews discovered an unprotected database using Elasticsearch. The database, the researchers said, contained user emails, IP addresses, service information, usernames, and hashed passwords, for both forum users and administrators.
Almost 100,000 people have had their data exposed this way. Torrents are a way to share big files over the internet, and while they’re not illegal by design, a lot of people use them to share pirated content, such as movies and series, music, games, cracked software, and more. Therefore, having personally identifiable information exposed this way also potentially exposes these people to criminal charges.
Blackmailing the users
Most torrent sites, such as the famed Pirate Bay, advocate the use of VPN when downloading things via torrents, so it’s safe to assume that most users created fake email addresses and used IP spoofing software to remain hidden.
WiHD is a popular video torrent community that specializes in content in French and English languages and tries to maintain high standards. The members have access to high-definition TV series, animations, and other content. Allegedly, becoming a member is relatively hard, as some people were observed selling their invites for more than $100.
“Threat actors could engage in various illicit activities, such as tracking and identifying users for legal repercussions, launching targeted phishing attacks, or potentially exposing users’ downloading habits, raising privacy and legal concerns for affected individuals,” researchers said.
It is unknown if any threat actors (or law enforcement, for that matter) discovered this database before Cybernews did. It is also unknown if WiHD was notified of the discovery beforehand, or if they managed to lock the database down in the meantime.