Several sites of download private torrent are currently plagued by a security breach providing very easy access to sensitive data.
This was discovered by a security researcher who tried to warn the sites (or trackers) in question. With no response from them, the person turned to specialized information sites such as TorrentFreak.
A torrential security breach
Generally difficult to access, some private torrent sites, otherwise known as “trackers”, have recently suffered a major security breach. This concerns the Torrent Auto Uploader software, a tool used by external content providers or other torrent sites to feed a main site with fresh content.
This software automatically downloads new torrents, along with their description and NFO files from one site to embed them on another. This goes through a web interface without password protection. More specifically, the flaw notably allows access to staff tools, which are interested among other things in user profiles, in order to know their information and the currently active torrents.
Third-party tracker URLs, via simple queries, also lead to other torrent sites, revealing the keys normally protecting each file’s RSS feed. The repercussions of this flaw are therefore numerous.
Fix in progress
Anyone can therefore, via an internet browser, access this information, which contains sensitive data for both the affected torrent sites and their providers and for the users. Before the security researcher launched the alert, three major torrent download sites were affected.
At the time of writing, the message has finally been transmitted to the trackers concerned, and two out of three sites have been able to correct the security flaw. By definition, contacting these sites is particularly difficult. The researcher who detected the flaw was not a member of any of them.
For this, you must either be invited by another member, and therefore be part of a very closed and anonymous circle for obvious reasons. An alternative is to pay a certain amount. Fortunately, the information relayed in particular by TorrentFreak helped to partially plug this torrential fault before it worsened.
Source : TorrentFreak
Recent years have been marked by the massive use of teleworking, cybercrime is doing better than well. We are still, unfortunately, in a situation that makes the use of a complete security suite highly recommended, even essential, in any case under Windows. And it’s against this background that we reviewed the main security suites available on PC to determine the best antivirus for January 2023.
Read more
4