World-in-HD (WiHD), a French private video torrent community, accidentally left an instance unsecured, disclosing user emails and passwords, according to the Cybernews research team.
WiHD, known for its high-definition movie torrents, was found to have unintentionally exposed the private information of tens of thousands of its users.
WiHD serves as a private tracker dedicated to the distribution of high-definition video content, offering a range of French and English-language TV series, movies, animations, and more to its registered users.
Unlike open torrent trackers, private ones often maintain stringent content standards and are typically invitation-only, with some individuals selling invites to the platform for over $100, underscoring its exclusivity.
Nevertheless, the Cybernews team came across a publicly accessible Elasticsearch cluster belonging to WiHD that lacked any protective measures. Elasticsearch is a widely used tool for managing large datasets.
What information was compromised?
The team identified a total of 97,327 exposed accounts in this breach. Both WiHD’s regular users and administrators had their account details exposed through this publicly accessible instance.
The compromised data includes:
- User email addresses
- IP addresses
- Service-related information
- Usernames
- Hashed passwords for all torrent users
Exposing such sensitive user data to the public internet raises significant security concerns. Malicious actors could potentially combine IP addresses with email addresses, thereby pinpointing user locations.
Researchers have voiced their concerns, stating that “Threat actors could engage in various illicit activities, such as tracking and identifying users for legal repercussions, launching targeted phishing attacks, or potentially exposing users’ downloading habits, raising privacy and legal concerns for affected individuals.”
The most probable cause of the exposed Elasticsearch instance is a configuration error. It’s worth noting that WiHD eventually secured the exposed instance. However, attackers scouring the internet might have already acquired the data for potential future misuse.