1 min read

Private Torrent Tracker Leaves Database Exposed Online With User Info


November 01, 2023

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Private Torrent Tracker Leaves Database Exposed Online With User Info

The owners of World-in-HD (WiHD), a private torrent tracker that offers pirated movies in HD format, left an Elasticsearch database containing sensitive user information.

Many people are no doubt familiar with public trackers such as The PirateBay, which has been active for years. But some private trackers only allow users with invitations to join and require credentials to access the site, making it part of the Deep Web. This means that search engines do not index the website's content.

For some unknown reason, the owners of WiHD left an Elasticsearch database containing user data open and available to anyone, and it wasn't even password-protected. ElasticSearch lets administrators parse large databases quickly. Unfortunately, leaving the database easily accessible from anywhere without credentials is a mistake made too often.

According to a Cybernews report, data of almost 100,000 accounts was exposed, including the following info:

  • User emails
  • IP addresses
  • Service info
  • Usernames
  • Hashed passwords for all torrent users

Several security risks stem from this data breach. Firstly, around 40 percent of users tend to reuse the same password on multiple online services, which means that this data breach will likely impact various unrelated services as well.

Secondly, the information taken from the database includes users' behavior on a website used to pirate multimedia content. The same users will be open to blackmail and phishing attempts from potential attackers.

WiHD eventually removed outside access to the database, but it's impossible to tell how long the information was exposed and how many times it was downloaded over time.




Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

You might also like