OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] fringe: More than 4 million Pirate Bay user accounts exposed

From: security curmudgeon (jerichoattrition.org)
Date: Thu Jul 08 2010 - 14:03:19 CDT


http://krebsonsecurity.com/2010/07/pirate-bay-hack-exposes-user-booty/

Security weaknesses in the hugely popular file-sharing Web site
thepiratebay.org have exposed the user names, e-mail and Internet
addresses of more than 4 million Pirate Bay users, according to
information obtained by KrebsOnSecurity.com.

An Argentinian hacker named Ch Russo said he and two of his associates
discovered multiple SQL injection vulnerabilities that let them into the
user database for the site. Armed with this access, the hackers had the
ability to create, delete, modify or view all user information, including
the number and name of file trackers or torrents uploaded by users.

Russo maintains that at no time did he or his associates alter or delete
information in The Pirate Bay database. But he acknowledges that they did
briefly consider how much this access and information would be worth to
anti-piracy companies employed by entertainment industry lobbying groups
like the Recording Industry Association of America (RIAA) and the Motion
Picture Association of America (MPAA), each of which has assiduously
sought to sink The Pirate Bay on grounds that the network facilitates
copyright infringement.

[..]
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php