WiHD leak exposes details of all torrent users
October 31, 2023
World-in-HD (WiHD), a French private video torrent community, left an open instance exposing the emails and passwords of all of its users and administrators.
WiHD, a popular torrent tracker specializing in HD movies, inadvertently exposed tens of thousands of its users, the Cybernews research team has recently discovered.
WiHD is a private tracker dedicated to distributing high-definition video content. Registered users can access French and English-language TV series, movies, animation, and other content.
Unlike public torrent trackers, private trackers are often invitation-only and supposedly maintain high standards for uploaded content. User forums lament the tracker’s exclusivity, with some selling invites to the website for over $100.
However, the Cybernews team discovered a publicly exposed Elasticsearch cluster on WiHD that lacked any password protection. ElasticSearch is a popular tool for managing large volumes of data.
What data was exposed?
According to the team, 97,327 accounts were exposed in the leak. Both WiHD’s customers and its administrators had their accounts exposed over the publicly facing instance.
The leaked data includes:
- User emails
- IP addresses
- Service info
- Usernames
- Hashed passwords for all torrent users
Exposing sensitive user data to anyone on the internet poses significant security risks, research claims. For example, malicious actors could collate IP addresses with email addresses to pinpoint user locations.
“Threat actors could engage in various illicit activities, such as tracking and identifying users for legal repercussions, launching targeted phishing attacks, or potentially exposing users’ downloading habits, raising privacy and legal concerns for affected individuals,” researchers said.
Further conclusions are reported in the original post on CyberNews:
https://cybernews.com/security/wihd-data-leak-exposes-torrent-users/
About the author: Vilius Petkauskas, Deputy Editor at CyberNews
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, WiHD)