Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

WiHD leak exposes details of all torrent users

World-in-HD (WiHD), a French private video torrent community, left an open instance exposing the emails and passwords of all of its users and administrators. WiHD, a popular torrent tracker specializing in HD movies, inadvertently exposed tens of thousands of its users, the Cybernews research team has recently discovered. WiHD is a private tracker dedicated to […]

UK Visa Site data leak

World-in-HD (WiHD), a French private video torrent community, left an open instance exposing the emails and passwords of all of its users and administrators.

WiHD, a popular torrent tracker specializing in HD movies, inadvertently exposed tens of thousands of its users, the Cybernews research team has recently discovered.

WiHD is a private tracker dedicated to distributing high-definition video content. Registered users can access French and English-language TV series, movies, animation, and other content.

Unlike public torrent trackers, private trackers are often invitation-only and supposedly maintain high standards for uploaded content. User forums lament the tracker’s exclusivity, with some selling invites to the website for over $100.

However, the Cybernews team discovered a publicly exposed Elasticsearch cluster on WiHD that lacked any password protection. ElasticSearch is a popular tool for managing large volumes of data.

What data was exposed?

According to the team, 97,327 accounts were exposed in the leak. Both WiHD’s customers and its administrators had their accounts exposed over the publicly facing instance.

The leaked data includes:

  • User emails
  • IP addresses
  • Service info
  • Usernames
  • Hashed passwords for all torrent users

Exposing sensitive user data to anyone on the internet poses significant security risks, research claims. For example, malicious actors could collate IP addresses with email addresses to pinpoint user locations.

“Threat actors could engage in various illicit activities, such as tracking and identifying users for legal repercussions, launching targeted phishing attacks, or potentially exposing users’ downloading habits, raising privacy and legal concerns for affected individuals,” researchers said.

Further conclusions are reported in the original post on CyberNews:

https://cybernews.com/security/wihd-data-leak-exposes-torrent-users/

About the author: Vilius Petkauskas, Deputy Editor at CyberNews

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, WiHD)