Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hack Exposes Pirate Bay User Data

Posted by Soulskill on from the now-looking-for-a-torrent-tracker dept.

tsu doh nimh writes "A group of hackers from Argentina recently broke into the database for thepiratebay.org, the Internet's largest torrent search engine, exposing user names, Internet addresses, and (MD5) hashed password data on more than 4 million users, according to Brian Krebs. He interviewed the leader of the group, Ch Russo, who said they briefly considered what the information would be worth to the RIAA and MPAA before going public with the breach. From the story: 'Probably these groups would be very interested in this information, but we are not [trying] to sell it,' Russo said. 'Instead we wanted to tell people that their information may not be so well protected.'"

11 of 156 comments (clear)

  1. Re:Leak It by spazdor · · Score: 4, Informative

    Because it conflates privacy issues with intellectual property issues. There is nothing hypocritical in trying to contain private data but not copyrighted works.

    --
    DRM: Terminator crops for your mind!
  2. A couple of notes by Andorin · · Score: 5, Informative

    Part of Krebs's story is that he joined TPB's IRC channel in order to bring the issue to the mods' attention. He says he was taunted by mods who didn't believe he was a journalist or that he actually had anything, and then was kicked/banned after he posted the md5 sums for some administrative passwords. In this manner he makes the channel mods look like immature jerks, but I talked to the mod that actually kicked him not long after the story broke. Evidently the guy was typing like an idiot (multiple messages per sentence) and acting in a rather unprofessional manner. Too, the kick was not because of the hashes, which he posted over half an hour before the kick. I just want people to know the other side of the story.

    Oh, and for the record, this leak isn't as big a deal as some might think. IP addresses can be gathered from the swarms themselves, email addresses used by TPB users should hopefully be throwaway addresses, and torrent hashes are inconsequential. Login details might be a problem for Trusted/VIP/staff accounts, but any serious users are not that concerned about this and would have changed their passwords/emails by now.

    --
    That Anonymous Coward guy is pretty annoying. Can we have the government censor him or something?
    1. Re:A couple of notes by gknoy · · Score: 2, Informative

      What makes this valuable (as opposed to trawling the torrent connections themselves) is the centralized nature: It's already collected. This makes data analysis on it much easier, since prospective users wouldn't need to gather the information themselves.

  3. Re:Enemies List by Andorin · · Score: 3, Informative

    Evidently enough to DoS the hacker.

    --
    That Anonymous Coward guy is pretty annoying. Can we have the government censor him or something?
  4. Re:what fool provides personal info to pirate bay? by Andorin · · Score: 2, Informative

    The only personal info in question are IP addresses and email addresses. Not that high on the Identifiability scale.

    --
    That Anonymous Coward guy is pretty annoying. Can we have the government censor him or something?
  5. Re:And this... by Andorin · · Score: 4, Informative

    One, TPB isn't a tracker, it's an indexer. Two, you don't have to register for it; you can download torrents without an account. You only need an account for uploading, posting comments, and viewing/downloading porn torrents.

    --
    That Anonymous Coward guy is pretty annoying. Can we have the government censor him or something?
  6. And no salt! by Anonymous Coward · · Score: 2, Informative

    Thepiratebay didn't salt their hashes. This site deserves to die.

  7. Re:And this... by Anonymous Coward · · Score: 5, Informative

    You only need an account for uploading, posting comments, and viewing/downloading porn torrents.

    You don't even need that.

    Complicated way:
    All you need to view/download porn torrents is to look at uploaded torrents of some user who has uploaded torrents in the porn section.
    Pretty easy to find such a user.
    If you look at uploaded torrents, you'll see "Type" on the left, which will be "Porn > Foo".
    If you click on it, you can browse that Porn section.

    Easier way:
    just browse to
    thepiratebay.org/browse/50*
    with *={1,2,3,4,5,6}
    1=Movies
    2=Movies DVDR
    3=Pictures
    4=Games
    5=HighRes-Movies
    6=Movie clips

    TPB doesn't check whether you're logged in to validate if you want to allow porn material.
    So you really only need an account if you want to upload something or post comments no one cares about.

  8. Re:And this... by Anonymous Coward · · Score: 2, Informative

    You only need an account for [..] viewing/downloading porn torrents.

    Actually, that's not true.
    If you go to http://thepiratebay.org/browse and look at the main category urls, you'll notice they go from /browse/100 to 200, 300, 400, 600..

    Hey, where did 500 go? Let's just edit that url and voila, porn.

    http://thepiratebay.org/browse/500

    And it's the same for top100:
    http://thepiratebay.org/top/500

  9. Re:I don't mind anyone knowing my personal stuff by Anonymous Coward · · Score: 0, Informative

    I'm so sick of people posting xkcd and thinking it's clever. It's not. Referencing isn't funny.

  10. Re:And this... by McTickles · · Score: 1, Informative

    You dont need an account... Just browse to section 500 by editing url.