Thousands of uTorrent Accounts Available on TheRealDeal Market

initial breach is being sold by a user named “doubleflag” for $600. Doubleflag’s listing contains emails and passwords for 394,769 uTorrent forum users.

In June 2016, the uTorrent team issued a security alert strongly advising forum members to follow good personal security practices and change their passwords following a breach of their database.

What they did not disclose is that the breach had occurred about six months earlier, in January.

After the security alert, little more information was divulged concerning the issue and slowly it was pushed to the back burner.

Fast forward to September, and the repercussions of the breach, whose magnitude was not revealed in the security advisory, have begun to reach the clueless uTorrent users: close to 400,000 compromised uTorrent accounts have just been put up for sale on TheRealDeal Market.

Breached Database Going for $600 on the Dark Web

Nearly 400,000 uTorrent Accounts For Sale On TheRealDeal Market

A user known as “doubleflag” is apparently selling the breached database for $600 on TheRealDeal Market.

According to reports from HackRead, doubleflag is in possession of sensitive information for 394,769 uTorrent accounts, including an email address and password for each, all of which is available on TheRealDeal Market.

His listing contains passwords hashed with the Secure Hash Algorithm 1 (SHA-1), while some are stored as much weaker MD5 hashes.

uTorrent’s Security Alert Issued Too Late

TheRealDeal Market vendor doubleflag confirmed that indeed the data was obtained during the first security breach which occurred in January 2016, according to TorrentFreak.

The ill-timed security alert from uTorrent has raised more than a few questions, however, seeing that it came six months after the initial breach, albeit some figures might be a tad off the mark.

Security site Haveibeenpwned also confirmed that the data breach responsible for the accounts on sale on TheRealDeal Market took place in January.

Amidst claims that uTorrent had no clue when the data leak occurred, it is worth mentioning that they did not indicate that the data leak had occurred in June.

The omission of the information concerning the exact timeline of the breach, however, remains a pertinent matter.

The Security Advisory

BitTorrent was only made aware of the security breach involving the vendor which powers its forums on June 6, months before the compromised information was put on sale on the dark web.

They explained that the breach could have stemmed from one of the vendor’s other clients and that it made their forum vulnerable and allowed hackers to access sensitive information from other accounts.

Following the breach, the hackers downloaded a list of its forum users, which was then posted for sale on TheRealDeal Market.

uTorrent claimed to have taken emergency security measures, making backend alterations that removed the vulnerability posed by hashes in the file.

Apparently, they were continuing to follow up on the matter to gauge the amount of information that was compromised.

In light of the events, they advised their forum users to consider changing their passwords entirely.

They went on to confirm that user accounts with hashed passwords had been considered compromised despite the fact that passwords are not liable to be used as attack vectors on the forum.

They touched on users who use similar passwords for different accounts saying that they were strongly advised to use new passwords as a measure of good personal security practices.

Effects of the Breach are Irreversible for Database on TheRealDeal Market

For the uTorrent users whose information is on sale on TheRealDeal Market, there is not much that can be done to reverse the damage of the data breach.

The best way forward according to security experts would be to ensure that the compromised password is not in use across other platforms and websites.

Despite the ill-timed nature of the security alert, one cannot fault their call to practice good personal security practices from here on out.
