Hackers Leak Thousands of Passwords From Large Private BitTorrent Tracker

enigmax
September 19, 2012
338
RevolutionTT,
RevTT,
security
Print

In an unprecedented data breach, tens of thousands of usernames and passwords from large private BitTorrent tracker RevTT have been leaked onto the Internet. The attackers, who call themselves Afghanistan Hackers, leaked the user/pass combinations via The Pirate Bay. The initial response from RevTT was to censor all discussion of the data breach, even as hundreds – possibly thousands – of accounts were being used without their owners’ permission.

Late Tuesday evening European time, an individual set out to share information with the world that he appears to have had in his possession for some time.

Using the name ‘Afghanis’ he uploaded a torrent file to The Pirate Bay. It pointed to just 675K of data but today the effects are being strongly felt around the private BitTorrent scene.

“From Civilized Afghan Society, of course we do have stupid Talibans also but we do have very well educated people living in beautiful Kabul City,” a text file with the release reads.

“RevTT is hacked by Afghanistan Hackers !!!”

RevTT is short for RevolutionTT, a private BitTorrent tracker that was founded around 6 years ago with a reputation for indexing a wide range of content. It is unclear exactly how many users are on the site since its operators appear to hide stats from regular user view. However, all the indications suggest that there are at least 40,000 and very probably tens of thousands more.

While the ‘hackers’ claim to have the entire RevTT database along with 50,000 user/pass combinations, the text file uploaded by Afghanis actually contains around ~~40,000~~ ~~27,000~~ 19,000 pairs. (see update below)

After they were uploaded to The Pirate Bay last evening the free-for-all began.

Very quickly people who had downloaded the torrent started logging into RevTT using not only regular accounts but those of so-called VIPs who have access to exclusive sections of the site.

While some undoubtedly decided to grab whatever content they could, others carried out other activities including sending out invitations to people who aren’t already members. Worse still, all details of the compromised accounts were available to the intruders including email addresses, statistics and all activity associated with the accounts.

Needless to say, if users maintained the same username and password on other sites their accounts elsewhere immediately became vulnerable. Judging by the number of users who used the word “password” as their password, the chances of major screw ups seems high.

After trying to alert site staff, TorrentFreak watched as panicked users learned of the breach and posted their concerns in the forums, begging site staff for information. Site staff responded by quickly removing all discussion of the breach, banning the accounts of people posting in the threads, and eventually posting the notice seen below.

Of course, people are now wondering how on earth this happened and the answer is far from clear. There are many theories being circulated, including that this wasn’t a ‘hack’ as such but a leak of a database backup, possibly due to a historical admin dispute.

What is clear however is that according to several reports from users on the site who had their details leaked, the data within the torrent isn’t particularly fresh and could date back some time. Users know this because their user/pass combinations are ones they used previously but have since been changed. There is a lesson to be learned here about changing passwords frequently.

Now, some 9 hours after the leak, RevTT appears to have been locked down, but the mess this will leave behind is bound to be significant and could even get worse. The ‘hackers’ say that in 1 to 2 weeks they will release more data, what exactly that will be remains to be seen.

Update: Due to duplicates and other issues the number of leaked accounts actually appears to be less than the 50,000 claimed by the hackers. As time progresses people are looking more closely at the huge list so we’ll revise this figure when more accurate information becomes available.

Previous Post | Next Post

Follow @torrentfreak

Pingback: Torrent News » Hackers Leak 38,000 Passwords From Large Private BitTorrent Tracker
http://twitter.com/Mathew30 Mathew Lisett

” banning the accounts of people posting in the threads” now why the hell would they do this, bloody idiots.

i got bored after the 56 page
- http://torrentfreak.com/ Rob8urcakes
  
  I’m an active Admin on a different site, and I too thought such a ban was rather inappropriate. There’s no reason to do such a ‘blanket ban’, but I certainly sympathise with the problems such a ‘release’ of private info will cause for the site.
  
  That said, I liked Andy’s (ie enigmax) advice of, “There is a lesson to be learned here about changing passwords frequently.”
  Something I’m afraid to say I don’t do frequently enough myself.
  - http://twitter.com/Mathew30 Mathew Lisett
    
    the funny thing about the password bit, and i bring in the situaiton with the group imagine and their ite etc. i was always told to be secretive, keep my ass and everybody elses safe, make sure shit was passworded. yet what happens, their site gets done over, all their systems get taken and their system were not even password protected and they were loud mouthed about the fact their site was up and running.
    
    now its a far bit to the left and right that ive brought up imagine, but its still the fact many of us go on about ensuring privacy and protecting urselvs, yet even the most vocal people that say this stuff are likely the ones that dont cover their own backsides.
    
    now onto the ban issue. as soon as i read this bit, to me it was as if the site were trying t hide soemthign that was actually happening and not the fact they got “hacked” it just doesnt smell right. why the hell would you outright ban members of a community for being concerned over their safety?
    - http://twitter.com/MariaJStewart Maria J. Stewart
      
      One person had this idea and prefixed their password with rev_ but by that you could guess what the password would be for other sites. http://Zap21.com
  - Anon
    
    no honor among thieves. and no surprise here. :-) Piracy is destined to be little more than an anarchic speed bump in the evolution and settlement of the internet. We’ll look back, quantify the privileges we’ve lost to the “hide and grab” piracy mentality, and rue the long term effects that any unlawful behavior has on any civilized society.
    - rennmaxbeta
      
      Does that include the unlawful behavior of governments and big corporations… or just the common folk?
    - http://modmyi.com/forums/iphone-4-new-skins-themes-launches/740147-neurotech-hd.html#post5637502 Jay
      
      @rennmaxbeta:disqus Corruption should be fought at ALL levels, naturally. If the common folk turn to unlawful behavior in order to combat unlawful behavior, then they’re just as bad. Two negatives do not equal a positive here.
    - MAFIAA
      
      @364e047fc3a98c7719c63a3f2ae2254f:disqus
      why do you blame pirates for the lost privileges? it’s not their fault the MAFIAA lobbies for draconian measures
    - Guest
      
      Internet piracy has existed since the very foundation of the internet.
      
      Anon calls it a “speed bump”
      
      lol
      
      I can just picture this clown in the 1980′s and early 90′s proclaiming that warez are little more than an anarchic speed bump in the evolution and settlement of Bulletin Board Systems.
      
      We’ll keep pirating, you’ll keep pretending that we’re to blame for the fascist measures that corrupt governments and corporations use to try and stop us, and the people will smack the governments and corporations down when they get too out of hand(see SOPA, PIPA). These attempts to subjugate the internet and bend it to the will of commercial interests are the real momentary speed bump on the road of history. As we can already see, they don’t – and won’t ever – work.
    - Y U NO UNDERSTAND
      
      The internet was around BEFORE people tried to migrate online and bring their OLD rules with them.
      
      Changing it so as to fit your requirements will not work. It’s delusional to think that way. It shows a fundamental lack of knowledge of how the internet works.
      The Internet is a filesharing NETWORK.
      
      Don’t like the internet….?
      GTFO
    - wcg
      
      Just like the evil cassette tapers that ruined music. Oh wait, that never happened.
  - Andrew Lee
    
    Don’t feel bad you’re not the only one I’m lucky to change mine every 40-60 days or so. Fast as shit moves now I should be doing it every week but I don’t feel like it :/
- RipRevTT
  
  this what happens when you ban other countries: we fuck you
  - FURevTT
    
    that is exactly right! generalizing and banning a whole country is simply being stupid. just like they did when they banned users who asked for info on the hack. all their staff are plain idiots.
    - xpmule
      
      “..their staff are plain idiots.”
      
      you got that right lol
      most admins on any given site are stupid pricks.
      want a nice condescending lecture about the obvious ?
      simply ask a question .. anywhere lol
      
      I could throw up a HUGE list of pieces of shit dick head admins
      that need a swift kick in the teeth by my steel toes..
      including such fine places as,
      
      ThePirateBay:
      Here i created a forum topic bringing up the issue of quality with mass uploaders and the fact that they are not capable of accepting ANY critiscm.
      If you say anything negative you are scum and will be called every name in the book and get a condescending lecture from little bitchs with a chip on their should (many of whom have not been file sharing as long as i have guaranteed!) Fucktard admins told me it’s none of my business what other people upload at TPB and I was asked if i was trying to be crowned the biggest asshole on TPB. This moron i pointed out as an example was soon after given a pretty little pink skull even after acting like a brat, posting non working windows 8 cracks and outright false info. And all this douche does is what the others do at TPB which is download any uploaders release and strip and names out and add their own a dozen times and re-upload so they can get their attention they crave so desperatly. I have seen deleted my account and requested my forum account be retired the place is a joke period.
      
      IsoHunt:
      New account there last year i had made no comments anywhere at all except 3 or 4 fakes reports where fake cd’s or tv shows were password protected and i made my first shoutbox comment in response to someone saying the site was the best place on the planet and i replied, LOL hell no compare the results to other search engine and you will see the search quality / results are mediocre. The faggot admin Nephilim or whatever his fucking name is dived on my like a fly on shit saying i had just registered and made tons of negatives comments (flat out lie) and warned me like i was a 5yr old that stole a cookie lol ..i told he could suck my fucking dick and please do me a favor and remove my account.. this place is bullshit and go fuck yourself ;) Another place full of idiots and cocky assholes and p2p noob kiddies.
      
      PsychoCD:
      Over a few weeks i started getting angry and mouthy threats out of the blue about my ratio over there and no one had noticed for ages my ratio was kinda crappy until i said thank you on a couple albums.. So I started uploading max speed 24/7 for about a week and my ratio was shooting up fast ! But that wasn’t good enough i still kept getting more and more threats by different admins warning me about my ratio EVEN after i told them i was doing everything i can to fix it and sorry.. So.. the last extremely rude and threatening PM send me over the edge i told them fuck you and fuck this shit disable my account I don’t need the mouthy pm’s and harrasement. so they did and now i can leech from them like crazy and they can’t do shit about it ;) Fuck them LOL
      
      All this is typical.. fucking little douches think their big shots and fail to see they are fucking nobody and their awesome web site is fucking gay lol
- Afronauts
  
  I got banned in a community for telling a Gamestop joke lol…
  - Thetreatmentworx
    
    xpmule. chill out man. i dont think the internet is for you.
downunder

how pointless hacking the wrong people on the web,.. they should be going after the MPAA and rich corp who cares nothing for the little man
- http://twitter.com/AngelAl13125140 AngelAlonso
  
  Teresa explained I am in shock that a single mom can get paid $5155 in 1 month on the network. have you look this(Click on menu Home)
- http://twitter.com/AngelAl13125140 AngelAlonso
  
  …
  goo.gl/lPCzS
- Lol
  
  actually revTT is getting money from people donations more than any other tracker and lets be honest they are here for the money just like MPAA so i dont give a fuck about revTT
  - downunder
    
    regardless though.. private trackers like thebox revtt may be full of ego admins and money grabbers who will cancel your account if you leak videos but still not the best site to target and release emails is it..
    
    but having a read of TPB comments.. search for Revtt
    your see couple saying their names listed 4 times and the
    passwords non match and many accts tried and dont work
    
    i have to agree now days passwords are encrypt and stored in
    data.. when you login the password is encrypted and matched to the encrypted one to validation.. how most websites do it
    espc torrent sites Im sure
    - Guest
      
      Some passwords to work.
      
      And obviously a lot of people share passwords across multiple sites.
      
      One person had this idea and prefixed their password with rev_ but by that you could guess what the password would be for other sites.
      
      I have so far accessed a few accounts on different sites due to this.
  - http://www.facebook.com/profile.php?id=100000617943487 Máté Bikfalvi
    
    I’m pretty sure TL gets more donations than RTT. Don’t be bitter if you got banned.
    - TickleMyElmo
      
      Last time I checked TL was raking in over 40k in donations monthly.
      Another big one was Bitsoup. The owners actually own 7 sites in total last I checked earning almost as much as TL on each site monthly. Most of the admins don’t even have a day job.
    - downunder
      
      the sad thing p2p is mostly people after tv shows more then anything with ad free.. some grab p2p shows over watching on their own cable as they can be bothered with all the promos ruining it every 10min.. once they use to be at end of a show where they should be.. but now days.. they assume people have poor bladders and need a cuppa and piss break every 10 min worse is the promos are recorded for peak volumes adn blasts you out of the chair.. they always get muted in my house
      
      but getting back to it.. the sad thing is the media coys all could be making that 40K a month might not be much but if they offer
      cheap formats most would pay a subs to get it each month liek they do for the private trackers
  - http://www.facebook.com/people/David-Mills/654956009 David Mills
    
    And we are there for practically free shit, so whats your point
  - KraPpz
    
    yea remember SCT? they were getting 6K euros a month and right b4 the closed they had a donation push for ‘hardware upgrades’ it got to like 15k and oops the hardware failed. Cant really blame em though. they put their asses on the line for 5 years running the best tracker they should have gotten something for their time.
- http://twitter.com/krozareq krozareq
  
  Most hackers feel they are above our silly ideals. To most of them, there are only 2 people in the world: Coders and n00bs.
  
  They’re content to watch the world burn as they don’t care about it in the slightest.
  
  Hacktivists are pretty rare.
  - juchmis
    
    That is a provably false, ignorant blanket statement.
    
    It’s like saying “Most capitalists feel they are above our silly ideals. To most of them, there are only two people in the world: haves and have-nots. They’re content to watch the world burn as they don’t care about it in the slightest.”
    
    It’s only ever the most damaging people anyone ever looks at, and then creates horribly inaccurate blanket statements like yours. No one is really “to blame” here, not the capitalists, not the pirates, not the hackers, not the apathetic average citizen. It’s only people like you who are to blame. I’m going to assume you are a pirate, since you are on TorrentFreak.
    
    When we make blanket statements about companies and artists and film studios, you undermine the discourse in a very serious conversation. When you make blanket statements about hackers, you are doing the same thing. And when they make blanket statements about the pirates, the hackers, or whoever, they are damaging the discourse tremendously.
    
    Everyone’s just working to sway those average citizens to lend them their support, anyone making blanket statements is making anyone on “their side” look like equally as uneducated. That’s really what it comes down to. Educated vs. uneducated.
    
    I doubt you intended to insult anyone or the seriousness of the topic but moving forward in other areas not on a site as one-sided as this, try to keep these points in mind when commenting or trying to sway another person’s opinion. You just may influenced people by respecting the discussion, and being as valid as possible.
    - Strazdas
      
      ((( It’s like saying “Most capitalists feel they are above our silly ideals.
      To most of them, there are only two people in the world: haves and
      have-nots. They’re content to watch the world burn as they don’t care
      about it in the slightest.”)))
      
      And what would be true
- http://modmyi.com/forums/iphone-4-new-skins-themes-launches/740147-neurotech-hd.html#post5637502 Jay
  
  Taking shit that’s not yours isn’t a romantic act of vigilance against oppressors – it’s petty criminal behavior. There are methods for dealing with corruption – grabbing a media file off the internet does absolutely nothing useful in this fight.
  - MAFIAA
    
    what about copying shit?
    - http://modmyi.com/forums/iphone-4-new-skins-themes-launches/740147-neurotech-hd.html#post5637502 Jay
      
      In order to protect people that actually create wealth (rather than those that simply copy it), rules and regulations concerning the distribution of that content have been written into law. Copyright law.
      
      Information is privileged, it’s not and never has been a ‘right’.
    - lily
      
      i just retweeted your post. hope you dont mind :)
    - Riaa
      
      no i don’t mind. nobody bothers reading your tweets anyway
lol

Hopefully the idiots who still insist on using one password for everything will now realize how stupid doing that actually is.
- Danny
  
  I use several main passwords depending on how much I value the account.
  
  For all the various forums I am logged to I use the same pass as I can never be bothered to gen new ones for these as they don’t matter.
Pingback: Hackers Leak 38,000 Passwords From Large Private BitTorrent Tracker | SKP News
http://twitter.com/krozareq krozareq

Sweet. Always wanted a free account there that I can leech up. I’m a pirate afterall. You account is fair game too :D
pirate

Absolute diabolical site, deserves everything it gets
- Whome¿
  
  as is your mom and so does your mom in her buttcrack..
Jackie

These Afgan people must start using their talent in something good…all they like to do is kill people and become a threat to the world. :/
- The_Strawbear
  
  I think you wrote Afgan when you meant to write American
  - FUCK YOU!
    
    Man shut the fuck up already with the US hate shit.
    - Trashbash
      
      How about that for doublethink. Wake the fuck up. You get what you pay for.
    - redacted
      
      How dare he say something that is empirically true!! Just because we’ve killed countless innocent civilians, inc many women and children, doesn’t mean you have to talk about it!!
      
      We didn’t kill them in the BAD way… We killed them in the GOOD way… Y’know…. “collaterally”,, or, “accidentally” (hey, sometimes the intel is wrong….just because you came home to find your mom with a hunk of shrapnel hanging out of her dead face, is no reason for America-bashing!)
      
      Geez! Kill a few tens of thousands of innocent people while pursuing a private profit agenda and suddenly it’s hate, hate, hate.
      
      Damn America bashers and their perfectly rational reaction to mass murder!!
      
      We’re the BESTEST you dummies!!!!!
- meowmix
  
  like… the good old us of a.
  - Memnok919
    
    America bashing IS getting old tho……. can we go back to some good old Germany hate? Why not north Korea? And I can’t remember the last time some came back with a “those damn chineses!”
- Guest
  
  I’d argue that showing the world how private trackers are unsafe bullshit is doing a good thing.
  
  Because seriously, what exactly do private trackers accomplish? They just lock up content so that you can’t access it unless you join their little club and they give people a false sense of security(“Ha ha, this private tracker is totally safe unlike those public sites! It’ll never have its passwords hacked or be infiltrated by the feds or anyth-ohshit “).
  - Guest471
    
    Exactly.
  - Withheld
    
    The authorities dont have the time and resources to bother with private trackers who represent a tiny proportion of the overall downloads.
  - yello
    
    More content and better seeded for longer… dont h8 cause you cant get on them :)
    - Guest
      
      I like TPB more.
  - gou
    
    as yello mentioned, there are those of us who prefer private trackers for other reasons. Fewer H&Rs for instance.
Justas

Did take a look at the list of accounts. 19K credentials in the list, but exactly 8.000 unique pairs, so it look like hackers didnt had access to all database or RevTT community is rather small
- BellyButtonCHEEZ
  
  you sir must be a jobless basement dweller
  - xpmule
    
    You must be a gross pig with a name like that buddy
    
    god forbid someone uses their fucking brain lol
    
    Quick everyone make fun of ‘em !
    - Peterh1
      
      You are f’#kin epic my friend kudos to you for having the balls to stand up to these big-shot wannbe cowboy admins ….nice ..your not a member of cg peers by any chance are you…?if so look me up pete…DJ if your on there you’ll get why i put the last letters…:)
  - RIAAtarded
    
    no he is someone with the skill to use a sort and uniq command and spent 2 seconds to do so.
Certified_immature

I think the site is run by immature adolescents, or absolute idiots, who else?
- Pwrrqcol
  
  Yeah, most likely.
  
  I guess the banning of anyone who asked the question of why/how proves it.
  
  Although… I think they actually did them a favor by banning them LOL
  Who on earth would want to be a member there, when they treat their members like that?
  - WinstonTPB
    
    and this bitch made ass site bitched about censorship laws
- Guest
  
  The absolute idiots sounds about right…
  Anyone who has the slightest bit of inteligence knows when your running phpadmin to run in in a renamed folder at least….
  I can tell you right now how easy it is to hack phpadmin ;)
Aa

Only 8,3k unique pairs login+pass in the dump. Plus multiple passes for the same login. Obviously no database access occurred, data was sniffed during login process.
Pingback: Hackers Leak 38000 Passwords From Large Private BitTorrent Tracker | Exploit Archive
Me

damn it where was my invite huh??
Ransackedcrew.info

join

ransackedcrew.info

wont get this problem as were nailed down!!
Abunchofgibberish

Couldn’t have just written the tracker’s name in the title of the article? Need pageviews that badly?
Pwrrqcol

Oh-ho

Private trackers are sooo safe girls and boys… NOT!

LMAO
Pingback: Hackers Leak Thousands of Passwords From Large Private BitTorrent Tracker | SKP News
http://www.facebook.com/profile.php?id=100000617943487 Máté Bikfalvi

Just downloaded that torrent and checked it. They were right about not releasing all users (if you know what I mean) so I’m eagerly awaiting their next upload. If that won’t have the info I’m looking for than nice hoax, if it does, meh not a big loss.
- anon
  
  I can tell you right now it wasn’t a hoax.
  
  My username and password were on the list. Thankfully I don’t re-use passwords.
http://www.facebook.com/profile.php?id=676827475 Luke Solis

anyone have an account to let me in :P
Theone

i love it i have a VIP user name now :) thank your Mr Taliban / who ever share this hahah
- Guest
  
  LMAO if you look through that list there is a super account in there as well with a working password….
  By super account I mean a non listed staff member who has staff tools.
  - BiNIGGA
    
    staff tools? revtt staff can eat my stools. for reala
Pingback: Filtran en The Pirate Bay más de 38.000 contraseñas del tracker de BitTorrent RevTT
anon349

RIP RTT…

all seriousness aside, this news is definitely my favorite of this year BY FAR 2012 rox!
Pingback: Hackers Leak Thousands of Passwords From Large Private BitTorrent Tracker | Best Seedbox
Pingback: Is it true? RevoTT hacked? - Page 4
Wet

Theone,

Just let me tell you. That wont last! :D
Pingback: Filtran en The Pirate Bay más de 38.000 contraseñas del tracker de BitTorrent RevTT [EN]
Pingback: Filtran en The Pirate Bay más de 38.000 contraseñas del tracker de BitTorrent RevTT | El Tenanpa
Bubanee

OMG! what is it with private sites…
you can get all you need via public and not have an account!….
- private-tracker
  
  yeah, right… you know the truth!
Pingback: Filtran en The Pirate Bay más de 38.000 contraseñas del tracker de BitTorrent RevTT | Shft
Pingback: The Pirate Bay seep in over 38,000 passwords RevTT BitTorrent tracker | Tech Crash
Pingback: Filtran en The Pirate Bay más de 38.000 contraseñas del tracker de BitTorrent RevTT | Compupixel
Guest

fake hack is fake

only 8372 distinct id/password in the file
- Guest
  
  I don’t think you know what the word “fake” means.
Sgt_paper

none of the combo works anymore. Maybe RevTT has disabled these accounts!
RigBow

ut oh, that certainly cannot be a good thing no?

PlanetAnon.tk
Tyler Durden

Got VIP account:
http://i.imgur.com/0zmpR.png

Didn’t change password. Hope owner returns and changes the password of their account.
- Guest
  
  Your lucky im not staff there… if you are the one who is seeding all those files it was be pretty easy to figure out which account your using.
  Then again im lucky im not staff there as well.
- Fail Troll
  
  You blurred out the username of the account you supposedly hijacked, lmao
- Groovesan
  
  Looks like revTT admins are playing dirty games, “black”mailing real money from users. Pay money or use seedbox.
  - ^ Idiot
    
    Pay money, use seedbox……or upload like a normal person who isn’t so greedy they can upload the amount the download.
  - Fail
    
    thats called the donations page retard. every private tracker i know of has one and its not compulsory. so you sir needs to do some research into the word blackmail.
Bla

Well RevTT handled this well lol. I wouldn’t even want to be on that site anymore. RevTT is dead cause of how staff handled this.
Lolnotrandomlol

Tried a name and password on gmail. Got in.

Tried the same on his paypal. Got in.

Deleted his stored credit cards so none will buy stuff with his paypal.

Wrote a cautionary note on his email and signed it “Your friendly neighborhood spider-man”
- http://twitter.com/krozareq krozareq
  
  I’ll delete your email and send a better one -The Batman
  - Lolnotrandomlol
    
    Sure either way the stored credit cards are removed. And lets see how long it takes you too find the right user name.
    - Carlos
      
      I need a serious hacker to work with and make $,pls add me on carlosshina@yahoo.com for discussion
  - meowmix
    
    sign it as wintermute. i bet whoevers account it is would have no fucking idea who williamg gibson is or get why wintermute is a good nym on the interwebs.
  - CarltonBanks
    
    exactly my point. kids
- meowmix
  
  that’s realy cool you did that. you are a decent chap. that’s one person protected from thier fuckup. i never thought to check paypal or anything like that for the 10 or so accounts i managed to log onto.
- albie
  
  “Tried a name and password on gmail. Got in.Tried the same on his paypal. Got in.Deleted his stored credit cards so none will buy stuff with his paypal.Wrote a cautionary note on his email and signed it “Your friendly neighborhood spider-man” “Everybody gets one.
  - CarltonBanks
    
    lame still. what do you want some kind of party-hat for you efforts?
- soph
  
  why is everyone liking this douche’s post, he took the time to try some poor guys login everywhere he could until he found success. if your gonna me nosey enough to do that, the fact he didn’t steal money from his paypal doesn’t make him to be some sorta robin hood. it makes him just as bad as the guys who leak it in the first place!
  - NobodyInParticular
    
    not really, Lolnotrandomlol just saved some guy from the next asshole who decides to hack his info and steal his shit.
Dupe

and the whole exact point of doing something like this is…….?????

proving that users dont change their password often enough or that the sites security is crap?
- http://twitter.com/krozareq krozareq
  
  Usually it’s done because of no security.
  - Anon
    
    NO Security? -.-
Anon

Got a VIP acct. Changed PW and email and download all the shit I can get ASAP. Win. Also got into paypal and amazon using the same login but won’t do anything. Excitement.
- NotAnon
  
  I got in with a VIP account as well. Had a look at what they had to offer and there was nothing there that I couldn’t find publicly. The only benefit that I could see was that they get TV shows about 90 minutes before public sites. I just logged out and went back to using public torrents.
- Fail
  
  coward at least go the whole hog and order something from his amazon and paypal account to your addres, or too much of a coward for that cause cause you know you’ll be caught?
anon2

just change your password ASAP, problem solved.
Alex

Users can’t change their password since the site is in lockdown and all accounts are banned.
- meowmix
  
  bollocks. i was on there about 10 mins ago.
  - Alex
    
    well I sure can’t user my login anymore
    - meowmix
      
      possibly you are one of the unlucky people who has had some unscrupilous fuckhead take your account. bad luck mate.
      
      mayb.e if you tell them what you’ve dled, they can varifiy you are _you_. that’ll work if your tracker doesn’t display what you’ve dled so whoever has hijacked your account cannot provide the same information.
An0n1m

i think they got a very old database. almost all the users in that list were multiplicated. some of 2-3 times some even 15 times. so making a simple math there less than 5000 accounts compromised. I also saw my account in that list but the pass is so f***** old.
- meowmix
  
  if i do the captcha, will i find out what the missing letters are behind the *’s?
Undone

RevTT should have resetted ALL the passwords for members, and send emails with apologies explaining the situation as a first step… not locking the whole site and banning their users. Losers…
Some staffers are just morons with 0 (zero) communication or mediation skills. Ban, ban, ban. And admins or owners should learn to part with quitting staff in a nice, friendly way, always – or they expose their site to such scandals, as most people are vengeful SOBs.
- Alex
  
  well said
- MelvinMeow
  
  All they would really have to do is add a few lines of code to the login page for a few days. This code would check the users recent ip vs the current ip thats trying to sign in. When they dont match check to see if its the same isp, If the isp is the same proceed to let them login if its not the same force a password recovery and tell the user to check their email. This would bypass a whole lot of issues. It wouldn’t even take me 5 minutes to write this code.
Pingback: Filtran en The Pirate Bay más de 38.000 contraseñas del tracker de BitTorrent RevTT - La Isla Buscada
Pingback: Hackers Leak Thousands of Passwords From Large Private BitTorrent Tracker - WHangOut Webmaster Forum
Pingback: Filtran en The Pirate Bay más de 38.000 contraseñas del tracker de BitTorrent RevTT « BlackBerry Warez | Blog
Youmom

do you guys beleave everything you see and here on the internet this shit is fake
- Alex
  
  unfortunately no it’s real. May be smaller than advertised but my account is on that list and it’s impossible to log back into the site. Fortunately it was a unique password for RevoTT so I couldn’t care less.
anon2

Changed mine last night no problem, and just had no problem logging in now with new pass.
TPT

no passwords or usernames i tried are working
Igothacked

I just wanted to say that my account was hacked and like an idiot i was using my “good” password for it.

I woke up to an email from “my friendly neighborhood spider – man”. And all i want to say is thank you and God bless you. Obviously piracy isn’t the most ethical thing depending on who you ask. But you at least saved me from not having my damn bill money syphoned out of my bank account via paypal. FML what an eye opener.

Anyways, i can’t thank you enough, whoever you are. I hope you read this, because i really appreciate what you did.
- Lolnotrandomlol
  
  No problem man. I trust you have changed passwords now? Got to say seeing your response felt goodman.jpeg.tiff.exe
- ItWasntMe
  
  Wait till you check your paypal account.
gumbI

Well i love the way hacked or leaked database is used by all the nubcakes

But this was nothing more than to cause trouble for revo staff simple revenge on some banned users part

If this had been a proper db hack etc revo wouldnt be online rite now and if it was pro traders that list would of been fuckin golddust and worth a fortune

Now they were banning users in forums beacuse they didnt do the decent thing and follow standard protocol and message staff as i would if i had serious security concerns but were spamming the forums and irc with the link to the pirate bay so best way to handle something this serious ban ever account on that list let the real users come into help and sort it out

And if you look real close to that list a rtf document on piratebay LOLZ
its a log of pws gathered from lots of sources    think about how many private sites you been on asking all users to change passwords

and the lesson of the day is dont use same password on ever site you join and randomise said passwords ever month

lazy is what lazy does   ………………….
- Guest
  
  I had a unique password for revtt, you fucking idiot, generated using keepass. IT WAS IN THAT FILE.
- Jacob
  
  Gold dust? Seriously? Do you have no idea how easy it is to get into your site and free leech stuff off-tracker or just cheat?
  
  Those are rhetorical questions, by the way. I was just reading this IRC log http://pastebin.com/vbHp10pQ where you reveal yourself to be immature, ignorant, rude, and delusionally arrogant.
  
  You are either wrong or a liar.
  - Jacob2
    
    lol 90 pages on sb-i will disagree with your characterization of RevTT being easy to cheat on.
- Guest
  
  “If this had been a proper db hack etc revo wouldnt be online rite now”
  
  Umm, it isn’t?
RTT

The DB was not stolen or hacked, all passwords in the DB are stored using unique salts and are hashed and impossible to reverse into a list like this. The list is at least over 2 years old and most likely came from users clicking on some rouge link or having a virus that steals passwords at some time. Only a handful of user/passwords were usable, the rest were either fake or wrong. There will be no additional release made by the so called “hackers” as there is nothing new for them to release.

Accounts on that list were locked down not banned for the safety of the site and the users on that list and are recoverable through the IRC #help channel (irc.revolutiontt.net). Accounts were not banned for posting news about the hack, the posts were deleted or locked, only accounts on that list were temporary disabled.

You should not believe everything you read on the net so blindly, is any lessons should be learned from this it is to regularly change your passwords, never use the same password for your email accounts, paypal and other sites too.

I can assure you all that are worrying there is nothing to worry about, this has been blown out of proportion and an update to the site news will be made very soon, but right now staff are dealing best they can with the flood of users that were locked out in the IRC #help channel.
- David S.
  
  Jesus Christ, you are still lying and covering up?
  
  My damn username was there with my latest password.
  I changed my password 2 weeks ago and found my username on that txt file, including 3 friends of mine.
  
  All passwords were correct.
  
  I tried 35 accounts, out of 35 accounts i logged into 29.
  
  I don’t think 20,000 users clicking on a virus or rouge link, you have to admit that you are a liar F00K.
  
  At least mass pm all users and let them know.
  
  I was donor to your site and i am done with RevTT, you can disable my account.
  - RTT
    
    Sorry should have said this list is “made up” from several things, like already mentioned but also previous lists released on the net in the past. Believe what you want, there was no DB hack at all. It’s not got 20,000 names/passes in it either.
  - Beer
    
    IF that is true then you changed it to a password that you used 2+ years ago. NO account past early 2010 was affected.
    - Jacob
      
      For sure your last statement is not true. And I did not change my password back to an old one.
    - Guest
      
      Your comment right there is full of shit. My account is less than 3 months old and was in the list with the proper password I use only on rtt.
  - BitSoup
    
    RTT, go suck your dad’s dick, you fucking lame asshole.
    
    The revolution has come to an end for RevolutionTT.
    
    You and all your immature staff can go fuck themselves. Wankers.
    - Guest
      
      Lol, chill you hypocritical fucking tard. Why all the hostility? I would highly suggest you employ some decent designers/coders with half a brain to fix BitSoup’s shitty childish pixelated 90′s look before you bitch about Revo. A few uploaders with decent speed and new staff without the attitude wouldn’t go astray either. The begging of donations every month gets a bit annoying too.
    - leet
      
      you sound bitter. fu*k off back to bitsoup and cry there then!
    - Mark
      
      All you are is a pathetic little troll spouting verbal diarrhea while hiding like a true coward behind a name that is not yours nor has anything to do with you. Get a life.
    - IPT
      
      I hear you BitSoup, RevTT have treated their members atrociously, and for that the members should vote with their feet and leave RevTT to die a slow death.
      
      The staff at RevTT are just profiteering with all the generous donations they receive. Ahh, screw ‘em I say.
      
      Private trackers are competition, so I hate them all.
      
      As long as there’s competition, we’ll continue to shit on you. Long live IPT.
- Guest
  
  Salted passwords are still hackable. There are app that do just this thing. All you would really need to hack encrypted passwords on your site is an existing account on your site. I would then go through the process of trying to decrypt my own password till it was my real password in plaintext. There you have it… the salt key that was used to decrypt my password would be the one to use to decrypt everyone else.
  
  I am guessing the salt key is somewhat random and unique and not an actual word. Thus making it harder to brute force but not impossible given time.
  - RTT
    
    the salts are unique to each account
    - puddipuddi
      
      From what I hear all over the place, random people are using other people’s accounts. Is there a way you can ban all of those accounts, or do they just keep them now?
    - pz
      
      The salts are also plainly visible in the same db as the user/password, they are crackable, but it obviously takes time
    - Guest
      
      If the salts are unique to each account then you must be storing these salts somewhere eh? More than likely in the same users table in the database…. which ::cough cough:: doesn’t do much good anyway.
  - retaliate
    
    You can use a salt derived partly from the string in the code AND a variable drawn from the relevant record so that someone would need both the DB and the server-side source code in order to even apply the correct salt to a dictionary list (assuming the target was dumb enough to use a dictionary word).
    
    I typically use both DB and hardcoded salts in projects.
    
    As for hacking it… well, you could salt each word/char-combo you want to try before SHAing it and seeing if there’s a match but it is an irreversible algorithm, that’s why there are SHA hash lookup sites instead.
    
    You can’t decrypt an irreversible hash. ^_^
- Alex
  
  Password reset via #Help channel. Thx
- Guest
  
  My account was on that list and i wasn’t disabled. Bullshit. Also, i personally logged in 5 out of 5 random accounts from that list (using proxies, of course) so that’s the real thing. And lastly, how do you know that whoever got this list the first time can’t get it the second time as well?? MORONS.
- Jacob
  
  You are such liars.
  My password was younger than 6 months old, and several others have testified their passwords younger than 2 years old were compromised.
  
  You say – “most likely came from users clicking on some rouge link or having a virus that steals passwords at some time.”
  
  I really wonder how much thought you put into this, if any at all. Just the mind-blowing arrogance and lack of awareness of your technical ignorance it takes to type those words are enough for me to avoid your site like the diseased wench. When you add to this the extremely antisocial and incompetent way you handled the issue when it came to light, make it a diseased wench with a fetish for torture.
  
  I’m sick of posting on here in what is probably a futile attempt to debunk your lies.
  
  I wish you the worst of luck in your future endeavours.
  - Guest
    
    Didn’t you know… 1/3 of their userbase clicked to visit this password stealing link… including a staff member ;)
- retaliate
  
  Seeing as people are stating their accounts (within 6 months, etc.) were on the list, is it possible that the data was obtained via XSS?
  
  (I’ve not seen the data so don’t know if it’s just u/p combos or whether it has identifying/account/etc information too?) but if you’ve salted the passes well before hashing, it’s a possibility to look at.
Pingback: Filtran en The Pirate Bay más de 38.000 contraseñas del tracker de BitTorrent RevTT | Desgobierno de Chile
innocent

Hey Gumbl

What kind of banned users would have a copy of 2/3 year old names/ passwords.

Does it happen so often on Revtt that they actually have a standard protocol on their site for when rogue staffers splash their members details all over the net,

Not seen one of those on a proper tracker
Pingback: Filtran en The Pirate Bay más de 38.000 contraseñas del tracker de BitTorrent RevTT | TECNOLOGIA Y NOTICIAS
Last

Stuff this, my account got locked so I now have 5 new accounts from that list.

Im gonna leech your site like crazy now!
- Beer
  
  If your account was locked because it was comprised you could just get it back in IRC. Although, now that you say you are logging into other accounts that isn’t going to happen.
- BitSoup
  
  Leech like crazy ? That’s lame. Fucking rape the site. Go on my son, rape RTT, the fucking bastards.
http://www.facebook.com/people/David-Mills/654956009 David Mills

Revolutiontt staff is top notch, I trust them :)
- user
  
  then fook you if you trust them
  - Ganja
    
    I trust them also, i have been there for nearly 6 years and the staff is top notch.
    - Anderson L.
      
      then f00k you too if you trust those stupid staff deleting my comments on forums talking about leak.
    - Alyahya1ster
      
      its amazing that i hear all this negativity from the users of revott. i have been a member for about 6 years (311 weeks) and my password has been the same the whole six years and it wasn’t leaked. my email wasn’t hacked.
      
      and as far as them leaching donations from us well how bout torrent leech which you have to pay to stay a vip. the reason why they get so many donations a month is because you are paying for premium access.
      
      at revo i have been a vip for the whole six years i have been there and donated out of my own choice. i wasn’t forced. but out of the 1.229 tb i have uploaded not even 1/7 of that is from donations.
      
      if you don’ t like revo then leave or just don’t use it but stop bitchin about a track you either can’t get into or got banned from.
- BitSoup
  
  ‘Revolutiontt staff is top notch’ ? Yeah, course they are – top notch mutha fucking bastards.
  - Guest
    
    I always considering telling you guys that you should rename your url to bitshit.
    I decided to tell you guys now.
    TBH I’m surprized bitshit hasn’t had their database exposed as well. I have reported exploits on your site countless times to staff members on your site. Over 6 of them were on the browse page alone.
    (1 of them was fixed when I reported it. so Hoorah to that.)
    If you spent as much time fixing your site as you spend slamming RTT you could possibly have a site design that is from this century. The 1990 design is so old.
    Then again the design RTT has I had done one very similiar in like 1996.
Martin

I suggest REVTT have open signups for those of us who lost their accounts.
- Top
  
  How are you supposed to prove who you are?
- Beer
  
  Just come into IRC
  - users
    
    some shit kick us from IRC for asking questions
- Anderson L.
  
  Martin, who want to join a dead tracker?
  Sign up today and after 1 week your password will be flying on ThePirateBay.
Guest

What a bunch of idiots, storing passwords in CLEARTEXT!!!.. i assume that’s the users’ fault as well, as staff was saying on irc last night.
- RTT
  
  I repeat no passwords were or ever have been stored in plain text. There is a lot of misinformation on the net and in the very thread as well as a lot of other bullshit flying around too.
  
  All of the accounts on that list were locked down as fast as they could have been within hours, most of them the user/pass combinations didn’t work, but they were all locked down as it’s impossible to know if a user/pass works or doesn’t work as there is no way to tell other than trying the user/pass, this is because the DB does not contain the passwords in plain text as already mentioned. This is why when you do a password recovery from the site you’re not sent your existing password you get a new one because even the site cannot reverse the users salted and hashed password.
  
  Of course there will always be people who will continue to post misinformation here and try and say otherwise like “I logged into 5 accounts just now” or “yes my 2 week old pass was on this list”… These are people for whatever reason have a grudge against RTT or just trolling, please don’t listen to them guys.
  
  Everything I have stated is true, the site is safe and your accounts are safe, if your real user-name and pass were actually on the list, you haven’t changed it in over 2 years and it got on that list through you either signing up to a fake site with the same user-name and pass you use at RTT or something else that fooled you into supplying your details to somewhere else not RTT. Your account is totally recoverable if you pop into the IRC #help channel on irc.revolutiontt.me where yo can get enabled and reset your password.
  - puddipuddi
    
    I don’t think you disabled all of the accounts on that list… I know quite a few people on there that are still using the site after changing their psw. Well they’re not using the site now becuase it’s down…
  - Anderson L.
    
    RTT, How long you are here to continue your BS ?
    We are done with RTT and searching for another home.
    
    I really liked RTT but after this, i washed my hands.
  - BitSoup
    
    “I repeat no passwords were or ever have been stored in plain text.”
    Don’t fucking bullshit us. We can smell the acrid stench, and it’s coming from you.
    
    “There is a lot of misinformation on the net and in the very thread as well as a lot of other bullshit flying around too.”
    Too damn fucking right there’s bullshit and misinformation flying around, and they all coming from you.
    
    “Of course there will always be people who will continue to post misinformation here”
    Like you, the bastard.
    
    “Everything I have stated is true”
    Bullshit you fucker. You don’t half talk shit. Screw you asshole.
  - Jason19724
    
    i been with them for years cannot login in saying email not in the data file can you help me i try going to revolutiontt.me
    can not work for me
innocent

David Mills
Thats the same as saying the Americans saying Bin Laden was a good guy.
Pingback: Hackers Leak Thousands of Passwords From Large Private BitTorrent Tracker | Exploit Archive
Pingback: In the News.. | TorGuard.net Blog - Anonymous VPN Services
KiRE

So these guys “pulled” out of their goats to play on the computer??
- meowmix
  
  if they fuck a baby goat, they realy would be kiddie fuckers.
Mouseanony

Publicity stunt from a dying tracker that always sucked.
http://twitter.com/viciouzex Joseph Fernandez

Dammit, I have to change my password from ballchinian to something else now.
uJonesing

I’m suprised so many people still use BitTorrent to make private trackers relevant. I’ve since moved on to the Sneakernet for my main source of content. Sure, the latency is a lot higher, but the bandwidth is HUGE; just a day to copy a few hundred GB’s of movies.
- http://twitter.com/krozareq krozareq
  
  Good for you then. If it works for you then go for it. But don’t come here bitching about P2P protocols when someone in your “sneakernet” probably got it from here,
Martin

Sites gone.

RIP REVTT
- puddipuddi
  
  In irc they say it will be back in a day, they are shutting it down while they figure out what happened.
  - Guest
    
    Dont you find it odd if the accounts as they say were all from 2 years ago what would it matter? lol
    Goes to show that RTT’s story is a cover up as shitty one at that. right?
    - HaHa
      
      Nice try but no one ever said what would it matter, just that the list is old as shit, incomplete, and full of dupes.
ANON

I have an account there. I have invited 6 people and my friend invited me there. None of those accounts were posted in that .txt file on pirate bay. I use an unique password there and everywhere else, most sites I use an unique username even. So so far this has not effected any of these people.. But. I suspect most the people I invited do not use an unique password, so when they post that entire list…

I noticed the list had a ton of dupes also, I threw it in a good text editor sorted it, etc. I think the main problem is that the site had the passwords so insecure. It is one thing is a hacker gets away with an encrypted, salted database.. but..
- Beer
  
  No database hack..
  
  Passwords are not stored in plaintext..
  - Guest
    
    So how do you explain the leak then? It’s either a db hack/exploit, or some serious shit in your code. Where did these plaintext password came from??
- T4
  
  Just because your username wasn’t listed in the file it doesn’t mean your account wasn’t comprimised, mine wasnt on list but i know it was hacked too. Also apparently this list isn’t the complete works.
RIAAtarded

man oh man a lot of BS in this thread seem like every second post is “in the know” on the trackers inner workings. Sad they’re having issues but in the end it changes nothing. Those banned / disabled have nothing to worry about from a security perspective only makes good sense to lock your accounts down until they assess the issue. Then throw up a backup copy of the database before the issue started and force everyone to recovery password and change to login. Done deal. Stragglers can hit their irc channel listed in another post here.
Rusty Shackelford

If they are banning people just for commenting about the leak, I can’t feel bad about the hack
- Beer
  
  I would suggest that you don’t believe everything you see on the internet….Only compromised accounts have been disabled. No one was banned for discussion.
  
  Way to spread FUD, TF. Congratulations…
  - Jacob
    
    This is a lie. I watched it happen exactly as Rusty described.
    - puddpuddi
      
      The ban you saw was because someone was posting in the forums with the hijacked accounts. The true owners of the hijacked accounts have to go to #help and get their accounts sorted.
  - Theone
    
    stop telling shit every one saw what happen i have a VIp account and still using let me see when you will find me!
ScrewEwe2

Afghans have computer technology? I thought their most recent technological breakthroughs were donkey carts with rubber tires. At this rate they’ll have paved roads, suburbs and McGoatburger restaurants every 5 miles.
- Guest
  
  Contrary to what the article states it was someone from Romania that did it.
Pingback: Filtran en The Pirate Bay más de 38.000 contraseñas del tracker de BitTorrent RevTT Noticias
Pingback: Hackers Leak Thousands of Passwords From Large Private BitTorrent Tracker | Zombie Torrents - Ultimate Torrents Downloads
Beond1153

The group responsible are pathetic rag head kids who have been paid off by Anti Piracy groups to commit these attacks.
Lets all hope that they end up getting hit by a stray bullet in their country like most of their family members did.
anon

Why in the blue fuck would they store the passwords on the database in plain text…
- Beer
  
  I wouldn’t believe everything you see on the net. Passwords are not stored in plain text.
- BitSoup
  
  Because they’re are bastards, plain and simple.
Sandforth21

simple question are we finished or are we still able to connect ….cos I cant ?
- Beer
  
  The site is down for the time being. When we are back, just come to IRC if you still cannot access your account.
- BitSoup
  
  simple answer you’re more than just finished, you’re shafted mate, good n proper.
Alex

My personnal password was on there bug it was indeed more than 2 years old (but solely for RTT). A friend of mine wasn’t on the list and another one was but with an old password that wouldn’t do much good to anyone. That username/pw tandem of mine was solely used for RTT and on my personnal PC at home. Never got infected or else.

my 2 cents
- Alex
  
  * bug=but
Just another comment

FUCK YOU ENIGMAX. You had NO reason to mention which private tracker was “hacked”. Way to bring more unwanted and unneeded attention to the site.

Your views about so called “elite” trackers has clearly gotten in the way of judgement.

Why not make a list of all the private trackers you know? Makes me question what side you are really on. It seems BAD NEWS would actually HELP your “cause” and site more than good news. I should have figured this out all along. You’re a TPB shill, using this whole internet freedom BS as a way to earn yourself some cash. Act like the majority here who are against the the attacks on BT, but deep down you gain more profit by reporting bad news. This article alone I’m sure generated some nice ad revenue.

Would not be said to see this site disappear.

I see through you and your bullshit.
- redacted
  
  Sorry, ‘just another comment’ – While i have no doubt whatsoever that your heart/loyalties are in the right place, that comment is silly, sophistic horseshit.
  
  Information is power. Censoring information is counter-productive and anti-BT by definition. What, TF should be publishing articles featuring nothing but ‘good’ news? Yeah, that’s helpful. Let’s just keep our side ignorant, despite the fact that those who oppose us know are fully aware of everything. Let’s pretend that if TF doesn’t print it, the forces aligned against BT users just won’t find out about it somehow.
  
  These aren’t tactical secrets relating to an ongoing defensive action by hackers loyal to the founding principles of the net / BT. ffs.
  
  Unless i’ve seriously misread your comment (which is entirely possible, i suppose), what you’re suggesting is absurd.
- Theone
  
  he is in your mom side, haha true story should be published, what ever it is, you are thinking like dictators shit
- ScrewEwe2
  
  TorrentFreak didn’t break this information, they just reported on it. The news about the leaked passwords was out there many hours before TF reported about it. Your conjectures are baseless and worthless. I’m sure the MAFIAA come’s here first every morning, to find breaking news for strategic means in their losing attempts to stem piracy.
  - Guest
    
    Your correct I have known about the hack for over a week now…. as have others.
    I knew about it before it even hit tpb.
    - BitSoup
      
      You should be awarded a Gold medal for your awareness.
- Guest
  
  Do you really think that “they” needed a report like that to know about this tracker?
  
  “they” are everywhere already (for years).
  Wake up and smell the coffee sonny.
Beer

” banning the accounts of people posting in the threads”

What a load of BS. The ONLY reason anyone has been disabled is because their account was compromised. And of course it is TEMPORARY. It was done to protect people’s accounts..You know from them being hijacked, etc., etc., etc.,

Thanks for the FUD, TF.
- Jacob
  
  This is the second time I have seen this lie on here. I watched it happen exactly as described. It was as if the staff felt the people that were concerned about their security were trying to start trouble, or you were trying to suppress a panic.
  
  And I think your motive for suppressing this panic is so that no-one leaves your site, which after this experience I can only recommend you do. For HOURS after it was confirmed these accounts were vulnerable you deleted all messages highlighting the problem before finally putting up a bullshit message saying there was no hack and people should only change their password for “piece [sic] of mind”.
  
  Just read this log of what was said in IRC after this happened http://pastebin.com/vbHp10pQ. People come on because they are afraid their security has been breached and staff act like anything they say is inconveniencing THEM more than the members.
  - RIAAtarded
    
    until there is an official announcement on what has happened and where the data came from it is irresponsible to to comment or allow rouge post from user to stand speculating what ‘may’ have happened. It is easier to kill all discussion until you know the facts then to have to deal with useless banter and speculation for hours when there is more pressing issues. Which would you prefer they lock down the effected accounts and forums pull the site and find out if there is an issues at all or leave it all live and risk further damage while they cater to all the ‘what if’ and trolling of who’ve read things on the net and take them as gospel because the internet is never wrong.
  - Bud
    
    And you can see IP’s and know whether an account has been compromised?
Just Curious

If the representative from Revo’s postings on this site turn out to be true, then the majority of this article should be retracted. But then again TorrentFreak is notorious in its prejudice against members-only sites, so this will probably never happen.
Ha

The only ones i feel sorry for are the users who have had the accounts/info exposed.

Ive never liked the site shit design and the staff have a serious attitude problem so i wont be crying for RevTT tbh .
- HaHa
  
  Cool story. Got banned for speedcheating or what?
Heisenberg7

Seems the site is now down to prevent any more “hacks”. Shame :/
Kevin78

All your data bases are belong to us.
- BitSoup
  
  Non-applicable meme, as RTT says db was not hacked. But RTT speaks from his arse, so who knows.
Blahblah

Looks like a hack of sorts to me. Or about 10,000 people had a virus without knowing about it LOL

RTT is done for.
redacted

For fuck’s sake, i can’t believe all the racist bullshit in the comments attached to this article.

Bittorrent advocates, by definition, should be better than that.

“ragheads”?? What the fuck is that?? What the fuck is wrong with you??

I agree that these little pricks are unrepentant assholes; but they are assholes because they personally are assholes, not because of their ethnicity or national origin. Fucking obviously enough.

When you base your insults about them on their race, you prove only that you are an ignorant fucktard that isn’t worth listening to. You prove only that you yourself are an idiot (literally, an idiot); an idiot whose analysis is so weak, whose perspective is so limited, that you base your judgements on the most superficial observation possible.

It’s really hard to believe that someone wise/competent enough to use bittorrent to begin with – someone informed enough to seek out a news site like torrentfreak – could possibly be this ragingly ignorant.

“ragheads”

Just fucking embarrassing and disgraceful.

Assholes are asshole because they are assholes.

Including their racial background in your insults strongly suggests that you think it is relevant to their being assholes; which, obviously enough, makes you an asshole.

Assholes.
- Blahblah
  
  Your vagina is showing dude
  - redacted
    
    yes, private christian schoolboy, fighting bigotry makes you weak. Just ask jesus, he knows everything. He hated ragheads too, right?
    
    Lessons in manliness from a wealthy christian child
    
    Now THAT’S funny.
- Zebra52
  
  All ragheads are assholes. Therefore you must be a raghead.
- ScrewEwe2
  
  Is towel heads, tablecloth heads, napkin heads, handkerchief heads or some other generic piece of cloth worn on the heads of middle easterners ok? I do agree, calling Camel Jockies Ragheads is not very nice, and those who use it will go to their Islamic Hell for doing it. On the bright side, you and I will go to Islam Heaven and score 72 female virgins cuz we got fucking morals and shit. Blessed be the name of Mason Profit.
German Laser

#sort RevTT Database (Username and passwords).txt | uniq | wc -l
8390 pairs
Valid

“HACKERS” what has RTT done other then provide quality content and suport filesharing this could have happened to any site R.I.P u say RTT I say R.I.P Filesharing when we cant even unite as pirates.The Anti-Piracy groups have already won.
- http://twitter.com/krozareq krozareq
  
  Hackers have nothing to do with pirates.
Guest

too bad i really liked this site! looks like i need to find a more secure place to call home.. :(
Seriouly

Calling Rev A big tracker with a reported database of 40k is stupid when the site it was originaly posted on ipt has 3 times as many users and charges 20$ for an account….and where more then happy to post a link to tpb.sorry for bad english
Hillbilly Jedi

Fuck !!! Been a member since 07, this really sucks for me.
Sod

My account was listed on that document, luckily I changed my password about 2 weeks ago
chronoss chiron

“From Civilized Afghan Society, of course we do have stupid Talibans also but we do have very well educated people living in beautiful Kabul City,” a text file with the release reads.
that tells you all you need to know that its state sanctioned as the only people wanting kabul as is are USA favorites….ya know mpaa riaa and fbi friends
- http://twitter.com/krozareq krozareq
  
  The whole Afghan part sounds made up. Kabul is uglier than West Texas and you don’t see anyone in West Texas proclaiming its beauty outside of Big Bend.
Nsane_kid

The rtf file is old, at least for my password
Pingback: The Pirate Bay – Más de 38.000 contraseñas del tracker de BitTorrent RevTT | www.Faltariamas.com
Theone

wow http://www.Speed.cd open sign up for RevTT refugees,
- RIAAtarded
  
  lol.. refugees.. it isn’t gone
  - James330
    
    At least it has a better security than RevoTT.
- Anderson L.
  
  Thanks, will sign up now.
  
  I am done with RevTT anyway.
  - meowmix
    
    ok. what was the url for whatever tracker, its always nice to check something new out. if you don’t do that, you don’t know if something is shite or not, unless you get info from people you trust.
    - James330
      
      They flagged it, no idea why tho. it was speed.cd
    - Guest
      
      They probably removed the url cause the site mentioned speed.cd has been horse whipped… aka its been being monitored for several years now.
- puddipuddi
  
  meh, keeps telling me wrong code.
  - BitSoup
    
    You’re a little dick that’s why
    - puddpuddi
      
      And will you please, kindly suckadick. Because the shitty spammed site someone posted is broken, it is my fault. I eventually got in, and the site is hella lame. Please, 1700 badly seeded torrents? You sir, are an idiot.
    - Guest
      
      You found out his was little by comparing it to yours eh?
      Your boyfriend told you yours was little so you figured since his is the same size his is little too….
Guest11

Enjoy speed.cd! :D lol
twinkleballs

ummmm yeah, looked through the list, and it is either a total fake or it is ancient. Have little or no fear, unless you have not changed your pass in the last 6 years.
hella weak!
Ill check the list for you if you want ;)
Hehe

Woo, i got TONS of lewt from this, was ace.
- Lily
  
  you need to use your penix more and your keyboard less methinks.
  - Hehe
    
    You fucking wish. Now stop as u make me feel dirty.
Hehe

oh and I’m seeding it all everywhere. Share/Care
Your sis

I’m gonna have sex with all the staffs’ mothers. FACT.
- Guest
  
  Their moms have dicks…. so enjoy that ;)
Missanthropic4u

I love RTT with all my heart… and not because of the site… because of the community my info was on that list sure but the pass might have been the first I ever created 3+ years ago… I know they are working hard to get this fixed. My only thought is why I heard to hear this info through the grapevine and not from the site directly.. they should be notifying their members of this kind of breach immediately… I have not not received any information from them directly which is a bit of a concern
- puddpuddi
  
  You wouldn’t hear anything form the site, because the site is down. They shut it down to deal with the issue. It’s easier to shut it down while the problem is dealt with so people don’t keep spamming the site with hijacked accounts…
  
  Give them a chance, they were blitzkrieged with this shit
  
  Yes they mass banned accounts, but they were hijacked accounts, which started in the forums (which started this whole mess of banning innocent members asking for answers on the issue).
  
  The members can get their accounts back by going to irc help
  
  What, you say “Oh don’t ban those poor members.”
  
  What do you think they will just say, “fuck it, those poor members got their accounts hijacked, let the intruders have the accounts.”
  
  What do you want? What would you do?
  
  They didn’t ban those people for bringing awareness in the forums. The people bringing awareness in the forums were people posting with hijacked accounts@ac772b48d6728242138b1df18c9716e5:disqus No shit they got shut down you retards.
  
  Not staff, just a member disappointed in torrentfreak
  - Guest
    
    Any staff member with the brains of a triceratops would have simply written a simple script that changes the users password then sends the user a recovery email.
    The password change would be because the recovery email doesn’t change the password until the user actually clicks the link.
- tiny
  
  the site is still down. a statement will be made one it is back online, stay tune.
ZADMiNO

HEY YOU GUISE COME OVER TO SPEED.CD

WE BE TEH SAFEST SITE ON THE EARTH!!!!!!!

DONATE AND SIGN UP NOWW!!! LOLZ
- meowmix
  
  someone created an account for me there and sent me the information annonymously. i have not the faintest clue who it was. i cannot say i’ve done anything more than log on to it.
  - Umbobo
    
    it was me….
- Guest
  
  You guys being monitored by the feds and all its about as safe as the titanic.
  
  Any questions?
Adfe

Message posted to RevoTT
anonymous

This is the message now on RevTT

www is down, tracker is up. all users on the list have had their passkeys reset

www should be up tomorrow sometime after a few tweaks. just to be clear the DB was NOT hacked.

more info once the sites backup
- Sure
  
  not hacked?
  SUUUURE
- Guest
  
  What good does resetting passkeys do when the passwords are not changed LMAO
  Are these staff braindead or something?
JonasREVO

RevolutionTT <3
- Hakim Paaji
  
  F00k RevolutionTT
  - JonasREVO
    
    It took me 6 years to express that! For you, I use 7,85 seconds to say fcuk you….
Machial

RTT staff is the most stupid staff ever.
R.I.P RevTT

They are still hiding the hack.
- Guest
  
  No matter how hard they try to hide it… the cats out of the bag.
  Their comments are only making them look more stupid.
- Umbobo
  
  RTT staff is the most stupid staff ever.
  
  Welcome to world of irony son.
Abdul

R.I.P
Hakim Paaji

Keeping Password in a plain txt file ?
oh right… i am done with this stupid tracker, searching for a replacement.
Aliena Ferox

Glad I never registered there! That’s about all I have to say.
Joe

OMG
Thank god i never registered there, even if they open registration, i will never dare to register on that sh!tty tracker.

I hear news from TF rather than them.

How can i even trust them not selling my information to third-party ?

Everyone – close your account at RTT and find another home.

R.I.P RTT
- Guest
  
  You don’t have to worry about RTT selling your info a third party.
  They rake in enough money from donations to now worry about doing that for some time.
  OOOOOps with the max exodus of users from this HACK going on maybe they will have to sell your info to pay for their nexy can of beans.
- Fail
  
  why would you hear it from them if you claim you never registered there? why should they inform you about stuff your not even a member of or want to be.
…

Hack or not… this smells more like a disgruntled ex-staffer who got purged and took some goodies with him/her.

There’s ALOT of double (And up to 10x per user account) entries in the list and it’s all from years old info to last few months.
So the numbers are highly inflated, but it’s very real ^^

I see all the people hating on RevTT, but infact it’s probably people who’s angry because they didn’t get an account or got banned for various cheating.

Suppose the staff could have informed about what was going on, instead we had to find it out from other sites :P
K0rnflake

maybe it was a trick to get more ip address’s to ban see who try’s to log in with the “leek”
- Umbobo
  
  What the hell! How can someone do this is a vegetable ?!?!
  leek? Would it not be better to use a carrot?
  - Umbobo
    
    *with
Tralala

This all sounds like a false flag, staging a hack, and then claim to need more donations to improve security.. Rev tt knows their pappenheimers.. Fear works!
- puddpuddi
  
  I think you used a little too much tinfoil while making that hat…
EricPost

If they went after What.CD or Waffles, that would kill music downloads for a long while
Gimmethelootson

Well, my name is on that list. I’m actually a Topline user there. The passwords listed here were so old. Before the site went https. Even before that I had changed my password. But that was over 2 maybe 3 years ago. But curious thing is I did use the same password for almost every tracker I was on back then. Glad I don’t ever use the same one for Paypal or any email accounts.

As far as how staff handled this, the first thing that had to be done was to tell Staff what was going on rather than spam it all over the place like it already was. Besides a lot of what was happening int he forums seemed to be from the hacked accounts. Rather than just innocent members.
I don’t know who thinks this was a real hack because its rather pathetic. I still don’t understand why my name was on that list 5 times. But like I said, really old. RTT will be back shortly. Temporarily down, not gone forever.
- http://www.facebook.com/people/David-Mills/654956009 David Mills
  
  Yeah I’ve been a member there for over 5 happy years, My name wasn’t on the list either, hope the site is back up soon. Unlike many others, I have no other options available :(
fuck

Anyway, i won’t use revTT again! I had 3 years old vip, first year donated a lot. Fuck it, nobody care about money i care because i had same pass on my all accounts, paypal and safepay. Retard staff
- thatguyupthereisaretard^
  
  lol you are really really stupid
No

Just to update, the site is back up. RevTT confirmed the site was NOT hacked, the DB does not store users passwords in plain text. The site has been secured to only run on https/ssl now, all account passwords have been reset.

Apparently only a handful of accounts were compromised, most of the passwords had since been changed, they put the security breach down to most likely a case of cross site scripting exploit from back when the site was http only, that would explain a lot, the odd format of the pw dump, the dupes, the tiny fraction of unique users affected and the age of the data.

Basically, user error by all the newbs :)
- OPXYZ
  
  @no
  You’re probably the only one who believes their blatant BS story on the home page. Don’t know why they are refusing to admit they got hacked but they did and are now trying to blame the users.
  
  I have been a member there for over half a decade and will continue there for a long time to come but the staff have never been very user friendly to say the least and they seem to be becoming even less.
  - learn2fact
    
    obviously wasnt a hack. they would have gotten the entire database with 30-50k unique usernames as opposed to the less than 8k that got released. definitely more than a handful of accounts were compromised, but the site never said a handful, that was @no’s paraphrasing. I dont know how many exactly, but if I had to guess it would be a small percentage of those ~8k listed.
    
    Passwords are stored encrypted so even if it was hacked many of the passwords used would take decades to bruteforce. there was no intrusion on the servers themselves and there is tons of evidence it was a login hijack. eg duplicate names recorded in plain text from each time someone attempts a login, people trying to login to the site with their email address when obviously that wouldnt work. typos… old accounts that dont even exist anymore, old passwords from years ago ect. i personally talked with the admins and support staff, so you can rely on your hearsay crap but il stick with the facts thanks.one more thing, if you dont break the rules, and arent an idiot, staff is pretty friendly…
  - RIAAtarded
    
    M8 what you choose to believe is entirely up to you of course but if you have a vision of what happened in your head and aren’t privy to the actually details what are you basing your claims they are BS you on. If you look at or downloaded the torrent you’d know it wasn’t a database dump the info is a mess and it isn’t 50k worth of info so at the very least they lied and can’t count. There are emails in it, special characters, white spaces all stuff that isn’t valid in the username or password fields but is quite common for users to enter in those fields in error. Plus multi passwords for the same user?
    If you a user there you know all this. How many passwords do you have that work? I dare say only the one. Any special characters in your nick? white spaces? no they are disallowed. Plus reading hear it is all the same thing. Read the comments most have said how long they’ve been user there, lot in the years lends credence to the claim it is old data as I don’t see any new users claiming the same. Also never read anything blaming anyone including disparaging remarks against those that released the info who imo would deserve it. As with anything it is up to the user to do with the info what they will.
  - nope
    
    Are the staff very nice? Often they’re not, no. I’ve never wronged them or done anything stupid so my personal interaction with them has been fine, however I’ve seen them act like dicks to other people.
    
    But so what? That doesn’t actually give us a good excuse to simply disbelieve what they’ve said, all the technical factors here point towards the DB not getting hacked, or any part of the site being compromised.
    
    It’s some form of user error, I agree with their assesment, we’re not going to see any more usernames and passwords released like the “hackers” said they would, it was just a smear campaign to make the site look bad, you fell for it and let yourself become manipulated, good job.
    - http://www.facebook.com/john.shepherd.77770 John Shepherd
      
      If they weren’t hacked, where did 19,000 user passwords come from? That’s not “user error”.
- Joe
  
  @no Thank you for the BS.
  I am done with that stupid RTT staff and stupid site. better i spend time on a secure torrent site.
Pingback: Más de 18.000 cuentas del tracker RevolutionTT filtradas : Ibeamaka
Pingback: Más de 18.000 cuentas del tracker RevolutionTT filtradas | Capitan Crunch
Just Curious

Looks like it’s time to print a retraction Torrentfreak. Ever heard of accurate reporting?

In his rush to print an exciting and sensational article “enigmax” reported a load of inaccuracies, falsehoods and lies. If you want to keep any semblance of credibility you’ll print a full retraction… but I doubt that will ever happen since your prejudice against members-only sites is legendary.
- James330
  
  Yeah right, they got hacked dude. Keep spreading lies to cover up your for their mistake.
  - Frontier
    
    Like you have a clue. Their tracker is based on TBDev like most private sites. TBDev doesn’t store passwords in their DB. Just salted / hash keys.
    
    If they were hacked were are the email addresses and IPs?
    
    Anyone who has a slight technical clue can see that this was a http/xss/sniff and its your own fault for using http. Looks like Rev has disabled http all together now.
    
    Haters going to hate
Pingback: Más de 18.000 cuentas del tracker RevolutionTT filtradas | Virus Expert
dionrook

http://al.ly/ELM
Pingback: Filtran en The Pirate Bay más de 38.000 contraseñas del tracker de BitTorrent RevTT | El Correo
shnshnshn

http://lnk.co/I2VI9
Pingback: Más de 18.000 cuentas del tracker RevolutionTT filtradas |
Pingback: Enlaces de la SECmana – 141 | Desgobierno de Chile
Jason19724

hello I been with RevolutionTT for a long time I cannot login in cannot my my email in data any me help me please
Sdefdf

They have computers in Afghanistan? I thought they were savages with ak47
Cockney01uk

has the site closed down i am unable to connect anymore and there seem to be way of contacting to revolutiontt staff
- wilber
  
  yes, site is closed
  - Dumbazz
    
    lol..no it isn’t
Guest

THIS IS WHY NEVER USE THE SAME PASSWORD TWICE BUY A MANAGER AND THIS IS NOT AN ISSUE. Hackers will brute force these combos on popular sites. Some idiot always uses the same combos.
Fu

I would like for hackers to get into Bluray.com and destroy all the admins in there while freeing all the banned ip addresses. Bluray.com is an awesome site, but the admins there are the worse I have ever encountered. Colossal assholes.

TorrentFreak

The place where breaking news, BitTorrent and copyright collide

Hackers Leak Thousands of Passwords From Large Private BitTorrent Tracker

Related Posts

Previous Post | Next Post

NewsBits

Pirate Bay Founder Gottfrid Svartholm on Freedom of Speech

Blu-ray Anti-Piracy Tech Stops Discs and Promotes Purchases

Foxtel Breeds Pirates by Locking Up Game of Thrones

UK Student Admits Breaching Sony Copyrights With Leak of PS3 SDK

Pirates Can Be Identified Despite Sharing IP Addresses, ISP Claims

MostDiscussed

Pirate Bay Takes Over Distribution of Censored 3D Printable Gun

McAfee Patents Technology to Detect and Block Pirated Content

Pirate Bay Finds Safe Haven in Iceland, Switches to .IS Domain

Copyright Trolls Threaten to Call Neighbors of Accused Porn Pirates

Game Pirates Whine About Piracy in Game Dev Simulator

CopyQuote

PopularArticles

VPN Services That Take Your Anonymity Seriously, 2013 Edition

Top 10 Most Popular Torrent Sites of 2013

Which VPN Service Providers Really Take Anonymity Seriously?

What’s The Best VPN / Proxy for BitTorrent?

BTGuard Review: How Does it Work?

Optimize Your BitTorrent Download Speed