fringe: More than 4 million Pirate Bay user accounts exposed

[security curmudgeon <jericho () attrition org>]

http://krebsonsecurity.com/2010/07/pirate-bay-hack-exposes-user-booty/

Security weaknesses in the hugely popular file-sharing Web site 
thepiratebay.org have exposed the user names, e-mail and Internet 
addresses of more than 4 million Pirate Bay users, according to 
information obtained by KrebsOnSecurity.com.

An Argentinian hacker named Ch Russo said he and two of his associates 
discovered multiple SQL injection vulnerabilities that let them into the 
user database for the site. Armed with this access, the hackers had the 
ability to create, delete, modify or view all user information, including 
the number and name of file trackers or torrents uploaded by users.

Russo maintains that at no time did he or his associates alter or delete 
information in The Pirate Bay database. But he acknowledges that they did 
briefly consider how much this access and information would be worth to 
anti-piracy companies employed by entertainment industry lobbying groups 
like the Recording Industry Association of America (RIAA) and the Motion 
Picture Association of America (MPAA), each of which has assiduously 
sought to sink The Pirate Bay on grounds that the network facilitates 
copyright infringement.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php