Another day another hacking, so it seems in this modern day and age. In another case where hackers have gotten their way, thousands of user accounts on the popular data trading software site, BitTorrent was hacked.
Troy Hunt, the popular security researcher, got hold of the data and managed to upload it to his infamous breach notification site, the Have I Been Pwned site, which gives insight as to whether their accounts have been compromised or not. Other reporters also got hold of the data and managed to verify its contents.
The data leak has over 34,000 usernames email addresses, IP addresses, and salted SHA1 password hashes. A salted password is a password which has an added hashing algorithm through which makes the password even harder for the hackers to crack.
A spokesperson for BiTorrent, Christian Averill told reporters via email that there had been a security which was mainly to do with the vendors which help to power the site’s forums. The flaw had come through one of the vendors clients and had given the cyber attackers a chance to access information on other accounts which included the BitTorrents accounts.
Because of all of this, attackers could, therefore, download a list if the users who are available on the forum. He also said that they were still investigating to check if there had been any access to the further information.
BitTorrent also advised the forum’s users to change their passwords just to be safe, especially if they used the same password on other sites. Averill also added that the affected vendor had added some backend changes which would make the hashes that were in the file seem to be unusable as an attack vector.
What this means at the moment is that BitTorrent might have invalidated the accounts on the site if they were affected. It could also mean that the hashing algorithm has been changed accordingly, but such measures might not be enough to stop hackers from getting into the users accounts. BitTorrent could not provide clarification in time.
Hunt told reporters that the leak is just one of many that have been seen over the past few days.
As always, practice good password management and get yourself a good VPN for torrenting.