A significant private torrent community recently experienced an inadvertent data exposure incident, raising concerns about the privacy and security of its users. Cybersecurity researchers from Cybernews have uncovered an unprotected database using Elasticsearch linked to the French service World in HD (WiHD), revealing a serious breach.
The exposed database was found to contain a wealth of sensitive user information, including email addresses, IP addresses, service details, usernames, and hashed passwords. Notably, this data pertained to both forum users and administrators, with an estimated 100,000 individuals affected by this security lapse.
Torrent communities, while designed for sharing large files over the internet, often face association with illegal activities due to the distribution of pirated content such as movies, music, games, and cracked software. The inadvertent exposure of personally identifiable information in this breach potentially exposes affected individuals to legal consequences.
It is worth mentioning that most torrent sites, including the well-known Pirate Bay, emphasize the use of Virtual Private Networks (VPNs) when downloading torrents. Consequently, many users employ pseudonymous email addresses and IP spoofing tools to safeguard their anonymity.
World in HD (WiHD) stands as a prominent video torrent community that specializes in offering content in both French and English languages while upholding high-quality standards. Members gain access to high-definition TV series, animations, and various content. Membership in WiHD is reportedly challenging to obtain, with some individuals observed selling invitations for over $100.
The cybersecurity researchers have highlighted the potential risks stemming from this data breach, including the possibilities of threat actors engaging in illicit activities, such as tracking and identifying users for legal repercussions, launching targeted phishing attacks, or compromising users’ downloading habits, thereby raising serious privacy and legal concerns.
As of now, it remains unclear whether any threat actors or law enforcement entities had accessed the exposed database before Cybernews’ discovery. Furthermore, it is uncertain whether WiHD had prior knowledge of the breach or if they have since secured the database.