
uTorrent Hack Exposes Account Details And Passwords

Tom Jowitt is a leading British tech freelance and long-standing contributor to TechWeek Europe


Underground data breach. Up to 35,000 user accounts on the uTorrent community forums exposed after hack

The uTorrent community forums have been hacked and the security breach has exposed account details, including passwords.

The breach was reported by the Torrent Freak news website, which said that the popular file sharing service BitTorrent (which owns uTorrent) was made aware of a security breach on 6 June. The forum has over 388,000 registered members, but it seems that only 35,000 accounts (roughly) have been compromised.

Data Breach

“The uTorrent community forums have been hacked, exposing the private details of hundreds of thousands of users,” Torrent Freak reported. “The hackers were able to get their hands on the user database, and a warning issued by the software maker says that passwords should be considered compromised.”

It said that the uTorrent team was alerted to the issue by one of their vendors earlier this week. It claimed that the vulnerability didn’t originate at the uTorrent forums, but was rather “indirectly compromised.”

“The vulnerability appears to have been through one of the vendor’s other clients, however it allowed attackers to access some information on other accounts,” uTorrent explained. “As a result, attackers were able to download a list of our forum users.”

The uTorrent team said that it is not entirely clear what data has been compromised by the hack. The company’s vendor has made some changes to mitigate the fallout, but the hashed passwords are likely compromised.

“We are investigating further to learn if any other information was accessed,” the uTorrent team said. “Our vendor has made backend changes so that the hashes in the file do not appear to be a usable attack vector.”

“As a precaution, we are advising our users to change their passwords,” said the uTorrent team. “While the passwords may not be used as a vector on the forums, those hashed passwords should be considered compromised.”

Concerned users of the underground forum can check whether their account details have been compromised on the haveibeenpwned.com website.

P2P Controversy

Peer-to-peer networking applications continue to cause controversy. In legitimate applications, the technology allows data to be distributed among the client computers and delivered by the closest node, helping spread out the bandwidth load. In cases such as the Tor network, peer-to-peer routing can offer additional benefits, such as anonymity.

However, online criminals have used peer-to-peer networks to make their infrastructure harder to dismantle and protect their command-and-control capabilities. People who pirate digital media and software often use peer-to-peer networks for similar reasons.

Indeed, last year security firm BitSight warned that companies which have BitTorrent running inside their networks are more likely to have systems infected with malware and other signs of a breach.

That said, BitTorrent does offer useful services. Last year, for example, it made its private messaging app publicly available for iOS, Android and Windows Phone users. Called Bleep, the messaging app keeps personal details safe from snooping and hacking by storing messages and encryption keys locally on the user device rather than in the cloud.
