backtop


Print


After losing 4 million emails, and information on its admins, The Pirate Bay has been taken down for maintenance (screenshot of cached homepage).
Researcher involved said he briefly considered selling the data to the RIAA/MPAA but decided not to

In an interview with security blog Krebs on Security, Argentinian researcher Ch Russo revealed that he and two of his associates discovered multiple SQL injection vulnerabilities on the world's most popular torrent siteThe Pirate Bay.  They successfully exploited these vulnerabilities to gain 4 million users user names, e-mail, and internet addresses.

While the vulnerability exploited is quite different, the leak is very reminiscent of the recent snatch of iPad buyers' email addresses by Goatse Security.  Unlike that incident, though, the purloined information has the potential to put a number of people in sticky legal water if it falls into certain hands (i.e. the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA)).

Russo said he briefly considered how much the RIAA and MPAA would give him for the info, but decided against selling it.  He states, "Probably these groups would be very interested in this information, but we are not [trying] to sell it.  Instead we wanted to tell people that their information may not be so well protected."

Brian Krebs -- apparently a 
TPB user himself -- verified that Russo had this info by sending him his username, in exchange for the gathered email and password hash.  Krebs verified these items were indeed correct, validating Russo's claims.

Russo says he made no alterations or deletions to the records in the system.

He did, however, gain some even more valuable information than the massive record of average Joe and Jane users.  He also looted a list of the user names and MD5 hashed passwords of the top administrators and moderators for the site.  That list would be particularly of interest to the RIAA and its international sister organization, IFPI, which have long fumbled over attempts to try to shut the site down.

Russo contacted The Pirate Bay about his findings, but has received no response.  The site did remove the insecure component, though, safeguarding itself from future attacks of this nature.  Russo, who is only 23, is leveraging the incident as a bit of a publicity stunt of sorts in order to promote his security exploit software package Impassioned Framework.  He hopes to sell that to business as a tool to perform simulated attacks on their networks and verify security, similar to what the popular Eleonore exploit kit does.

The Pirate Bay has released no official response to the news of the breach.  The latest development is that the homepage appears to be down and displays this message:

Upgrading some stuff, database is in use for backups, soon back again.. Btw, it's nice weather outside I think.

Apparently they took the leak pretty seriously.





"So if you want to save the planet, feel free to drive your Hummer. Just avoid the drive thru line at McDonalds." -- Michael Asher






Most Popular ArticlesSuper Hi- Vision Will Amaze the World
January 16, 2017, 9:53 AM
Samsung Chromebook Plus – Coming in February 2017
January 17, 2017, 12:01 AM
Samsung 2017 Handset’s Updates
January 17, 2017, 12:01 AM
Comparison – Surface Pro VS Tbook X5 Pro
January 21, 2017, 7:00 AM
Comparison – iPad Mini Vs Huawei MediaPad M3
January 19, 2017, 2:08 AM

Latest Blog Posts
Apple Watch
Saimin Nidarson - Jan 24, 2017, 6:51 AM
Some new News
Saimin Nidarson - Jan 23, 2017, 8:59 AM
What is new?
Saimin Nidarson - Jan 22, 2017, 7:00 AM
News
Saimin Nidarson - Jan 20, 2017, 7:00 AM
News of the World
Saimin Nidarson - Jan 19, 2017, 7:00 AM
Some tips
Saimin Nidarson - Jan 17, 2017, 12:16 AM
News of the Day
DailyTech Staff - Jan 16, 2017, 12:10 PM
Tech News
Saimin Nidarson - Jan 15, 2017, 12:32 AM
Here is Some News
Saimin Nidarson - Jan 14, 2017, 12:39 AM
News around the world
Saimin Nidarson - Jan 12, 2017, 12:01 AM
Rumors and Announcements
Saimin Nidarson - Jan 11, 2017, 12:01 AM
Some news of Day
Saimin Nidarson - Jan 7, 2017, 12:01 AM
News 2017 CES
Saimin Nidarson - Jan 6, 2017, 12:01 AM






botimage
Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki