In an unprecedented data breach, tens of thousands of usernames and passwords from large private BitTorrent tracker RevTT have been leaked onto the Internet. The attackers, who call themselves Afghanistan Hackers, leaked the user/pass combinations via The Pirate Bay. The initial response from RevTT was to censor all discussion of the data breach, even as hundreds – possibly thousands – of accounts were being used without their owners’ permission.
Late Tuesday evening European time, an individual set out to share information with the world that he appears to have had in his possession for some time.
Using the name ‘Afghanis’ he uploaded a torrent file to The Pirate Bay. It pointed to just 675K of data but today the effects are being strongly felt around the private BitTorrent scene.
“From Civilized Afghan Society, of course we do have stupid Talibans also but we do have very well educated people living in beautiful Kabul City,” a text file with the release reads.
“RevTT is hacked by Afghanistan Hackers !!!”
RevTT is short for RevolutionTT, a private BitTorrent tracker that was founded around 6 years ago with a reputation for indexing a wide range of content. It is unclear exactly how many users are on the site since its operators appear to hide stats from regular user view. However, all the indications suggest that there are at least 40,000 and very probably tens of thousands more.
While the ‘hackers’ claim to have the entire RevTT database along with 50,000 user/pass combinations, the text file uploaded by Afghanis actually contains around 19,000 pairs (revised down from earlier counts of 40,000 and 27,000; see update below).
After they were uploaded to The Pirate Bay last evening the free-for-all began.
Very quickly people who had downloaded the torrent started logging into RevTT using not only regular accounts but those of so-called VIPs who have access to exclusive sections of the site.
While some undoubtedly decided to grab whatever content they could, others carried out other activities including sending out invitations to people who aren’t already members. Worse still, all details of the compromised accounts were available to the intruders including email addresses, statistics and all activity associated with the accounts.
Needless to say, if users maintained the same username and password on other sites, their accounts elsewhere immediately became vulnerable. Judging by the number of users who used the word “password” as their password, the chances of major screw-ups seem high.
After trying to alert site staff, TorrentFreak watched as panicked users learned of the breach and posted their concerns in the forums, begging site staff for information. Site staff responded by quickly removing all discussion of the breach, banning the accounts of people posting in the threads, and eventually posting the notice seen below.
Of course, people are now wondering how on earth this happened and the answer is far from clear. There are many theories being circulated, including that this wasn’t a ‘hack’ as such but a leak of a database backup, possibly due to a historical admin dispute.
What is clear, however, is that, according to several reports from users on the site who had their details leaked, the data within the torrent isn’t particularly fresh and could date back some time. Users know this because the leaked user/pass combinations are ones they used previously but have since changed. There is a lesson to be learned here about changing passwords frequently.
Now, some 9 hours after the leak, RevTT appears to have been locked down, but the mess this will leave behind is bound to be significant and could even get worse. The ‘hackers’ say that in 1 to 2 weeks they will release more data; what exactly that will be remains to be seen.
Update: Due to duplicates and other issues the number of leaked accounts actually appears to be less than the 50,000 claimed by the hackers. As time progresses people are looking more closely at the huge list so we’ll revise this figure when more accurate information becomes available.