Ankans1876

Uploader

Hackers Leak Thousands of Passwords From Large Private BitTorrent Tracker

0 views    posted 19 Sep 2012, 15:01    
In an unprecedented data breach, tens of thousands of usernames and passwords from large private BitTorrent tracker RevTT have been leaked onto the Internet. The attackers, who call themselves Afghanistan Hackers, leaked the user/pass combinations via The Pirate Bay. The initial response from RevTT was to censor all discussion of the data breach, even as hundreds – possibly thousands – of accounts were being used without their owners’ permission.

Late Tuesday evening European time, an individual set out to share information with the world that he appears to have had in his possession for some time.

image

Using the name ‘Afghanis’ he uploaded a torrent file to The Pirate Bay. It pointed to just 675K of data but today the effects are being strongly felt around the private BitTorrent scene.

“From Civilized Afghan Society, of course we do have stupid Talibans also but we do have very well educated people living in beautiful Kabul City,” a text file with the release reads.

“RevTT is hacked by Afghanistan Hackers !!!”

RevTT is short for RevolutionTT, a private BitTorrent tracker that was founded around 6 years ago with a reputation for indexing a wide range of content. It is unclear exactly how many users are on the site since its operators appear to hide stats from regular user view. However, all the indications suggest that there are at least 40,000 and very probably tens of thousands more.

While the ‘hackers’ claim to have the entire RevTT database along with 50,000 user/pass combinations, the text file uploaded by Afghanis actually contains around 40,000 27,000 19,000 pairs.

After they were uploaded to The Pirate Bay last evening the free-for-all began.

image

Very quickly people who had downloaded the torrent started logging into RevTT using not only regular accounts but those of so-called VIPs who have access to exclusive sections of the site.

While some undoubtedly decided to grab whatever content they could, others carried out other activities including sending out invitations to people who aren’t already members. Worse still, all details of the compromised accounts were available to the intruders including email addresses, statistics and all activity associated with the accounts.

Needless to say, if users maintained the same username and password on other sites their accounts elsewhere immediately became vulnerable. Judging by the number of users who used the word “password” as their password, the chances of major screw ups seems high.

After trying to alert site staff, TorrentFreak watched as panicked users learned of the breach and posted their concerns in the forums, begging site staff for information. Site staff responded by quickly removing all discussion of the breach, banning the accounts of people posting in the threads, and eventually posting the notice seen below.

image

Of course, people are now wondering how on earth this happened and the answer is far from clear. There are many theories being circulated, including that this wasn’t a ‘hack’ as such but a leak of a database backup, possibly due to a historical admin dispute.

What is clear however is that according to several reports from users on the site who had their details leaked, the data within the torrent isn’t particularly fresh and could date back some time. Users know this because their user/pass combinations are ones they used previously but have since been changed. There is a lesson to be learned here about changing passwords frequently.

Now, some 9 hours after the leak, RevTT appears to have been locked down, but the mess this will leave behind is bound to be significant and could even get worse. The ‘hackers’ say that in 1 to 2 weeks they will release more data, what exactly that will be remains to be seen.

Top Comments

9
Rgeneb15224 • 19 Sep 2012, 15:59
Anyone using password as their password truly doesn't care if they are hacked or not. My legal defense when the download stormtroopers kick down my door is "Look I was hacked by Afghans, go pick on the Taliban instead of innocent little me"
5
Ankans1876 • 19 Sep 2012, 15:45
They are just for sharing the info..!!
2
DineshJackson18.45K • 19 Sep 2012, 17:26
Hey Can You Get Me Brazzer's Password

All Comments

0
Pick_n_Roll21.13K • 20 September 2012, 01:25 Show comment
This site was not worth of creating an account, anyways if anyone want the password text file can PM me :)
0
Burgundy.7050 • 20 September 2012, 02:04 Show comment
loltitter

0
dejunai125 • 19 September 2012, 23:53 Show comment
See I told you we should invest more in Solar and Goat Feces as a way to power laptops!!!! Once again America falls behind the technology curve.
1
licanthrope116 • 19 September 2012, 23:52 Show comment
I'll be interested how they managed to breach their security & i wonder if they're going to target other bit torrents,and how do they manage to pass through firewalls, whats the point in having security if they can be hacked. Informative blog btw...
1
TimeBandits70.14K • 19 September 2012, 18:04 Show comment
Good blog mate.biggrin
2
DineshJackson18.45K • 19 September 2012, 17:26 Show comment
Hey Can You Get Me Brazzer's Password
1
TxNxt2126 • 19 September 2012, 19:31 Show comment
pussword?

1
homi576765 • 19 September 2012, 16:10 Show comment
afghan hackers ay, enough said tittertitter
9
Rgeneb15224 • 19 September 2012, 15:59 Show comment
Anyone using password as their password truly doesn't care if they are hacked or not. My legal defense when the download stormtroopers kick down my door is "Look I was hacked by Afghans, go pick on the Taliban instead of innocent little me"
-1
pbs4134983 • 19 September 2012, 15:34 Show comment
Comment is deleted
5
Ankans1876 • 19 September 2012, 15:45 Show comment
They are just for sharing the info..!!

Report a bug