Torrent: a huge security flaw spotted in 3 famous illegal download sites


The TorrentFreak blog has reportedly spotted a flaw in private torrent sites that allows access to their users’ personal data. The problem reportedly comes from a piece of software used by all of these services.


An informant, who wished to remain anonymous, allegedly pointed TorrentFreak to three large private torrent sites with a problem: without knowing it, they are exposing a serious security flaw. However, the researcher is having great difficulty contacting the managers of these services to notify them.

Unprotected Torrent Auto Loader admin page accessible from a browser / Credit: TorrentFreak

Just like a public site such as Zone-Téléchargement or CPasbien, a private torrent site allows you to share and download files using the BitTorrent protocol. To take advantage of its services or contact its managers, one must become a member, by co-optation or by paying a subscription. This, of course, requires providing a lot of information, including a means of payment if you agree to pay.

Torrent sites that expose the critical flaw must recognize themselves

The problem reportedly comes from the Torrent Auto Loader program used by the trackers at all three sites. This program launches when new sources appear on other trackers. It automatically downloads and transfers torrents and other file types from one platform to another. The problem is that the Torrent Auto Loader administration page is accessible to anyone: it is not password protected. All three private torrent sites use one of two torrent clients: rTorrent or ruTorrent.

Private torrent sites have a reputation for being safer than their mainstream counterparts. The opposite appears to be true of the three services mentioned by the anonymous source. The risk of paying members' data being exposed is so serious that TF says, “the researcher wants to protect the users of these platforms, but if we named the sites here, it wouldn’t leave enough time for the admins to be informed and act accordingly”. The operators of these sites must therefore recognize themselves… and quickly close this critical gap.

Source: Torrent Freak


