Exclamation Pirate Bay hacked, millions of IP address, emails exposed A team of Argentinian "security researchers" have gained access to The Pirate Bay's administration panel by using multiple SQL injections, leading to the exposure of over four million registered members' and email addresses, MD5-hashed passwords, as well as the number and name of torrents uploaded by users.
A hacker named Ch Russo and two of his associates pulled the stunt, temporarily gaining the ability to create, delete, or modify all user information. Fortunately for TPB, Russo and his friends claim they weren't out to cause damage and didn't make any changes to the site's data. They also haven't revealed any information to a third party.
The group considered hawking user information to anti-piracy organizations, but decided against it in favor of broadcasting a public service warning. "Probably these groups would be very interested in this information, but we are not [trying] to sell it. Instead we wanted to tell people that their information may not be so well protected," Russo said.
Before you're overwhelmed by a sense of goodwill, it's worth noting that Russo also released a video detailing the hack for anyone to replicate (originally here, but the URL now throws a 403). TPB was down for maintenance this morning and they've reportedly fixed the used by Russo and his compadres. The site is currently back online.
The story of hacking The Pirate Bay website was expected to have a continuation. However, it's now unclear where it can be found at all. The story seems to be turning into a very strange one, involving the site that claimed to have hacked The Pirate Bay, thus exposing millions of user identities. The whole story has simply vanished together with the original site! The latter is now only redirecting to Google.
All that began from an article posted on PCWorld, where hackers from Argentina, represented by their leader CH Russo, were quoted when discussing the issues of security. The quotation was from Russo's blog, where he posted his thoughts and a detailed video of hack. What he said there was quite sound -- any website, or a system, has strengths and vulnerabilities, and The Pirate Bay was not an exception. The hackers believed that everyone behind digital community always complied with the local legislation on their side, but it still caused troubles to big enterprises. That led to threats between enterprises and the community. What the hackers have managed to commit was not intended to be done with anger or for money. They said they just saw the change at the right moment and decided to try it out. Anyway, the method of achieving this was not extraordinary at all.
What happened after the article, which featured screenshots of thepiratebay's admin panel, is not quite clear. One thing is certain -- BitTorrent tracker went down for a short period of time, suggesting users to go breathe some fresh air while the database is upgrading. However, no representatives of the tracker confirmed the reason for such an urgent upgrade.
The story could be clarified from the flip side, or from the hackers'. But the original blog article that was so lively discussed on the Net simply vanished and now redirects to Google. So it's hard to guess with no clues what was it -- a publicity stunt, or action for show, or anything different.
Well, really, any application or system has security vulnerabilities, especially such complicated one as the tracker's. No Linux OS or even govt PCs can boast for the opposite. The rules of the game are easy -- the more popular an application is, the more attempts to break it are committed.
Anyway, for millions of The Pirate Bay users this is going to remain a question forever -- whether it would be better to just change their passwords on the site or give up on it at all.
info on what they did here, ch russo hxxp://insilence.biz/2010/07/multiple-sql-injections-on-the-pirate-bay/ there are 2 news, one older may 18 2010 and the other from july 9,2010.