In June 2016, a security alert was issued by the uTorrent team in which they strongly advised the members of the forum to practice good personal security practices and modify their passwords following a breach of their database.
What they omitted to bring to light is the fact that the breach had occurred about six months ago in January.
After the security alert, little more information was divulged concerning the issue and slowly it was pushed to the back burner.
Fast forward to September and the repercussions of the security breach, of which the magnitude had not been revealed in the security advisory, have begun coming back to the clueless uTorrent users in the form of close to 400,000 compromised uTorrent accounts that have just been availed for purchase on TheRealDeal Market.
Breached Database Going for $600 on the Dark Web
A user known as “doubleflag” is apparently selling the breached database for $600 on TheRealDeal Market.
According to reports from HackRead, doubleflag is in possession of the sensitive information for 394,769 uTorrent accounts which include email addresses and passwords for each all of which are available on TheRealDeal Market.
His listing also contains passwords encrypted with the Secure Hash Algorithm 1 (SHA-1) while some possess the much weaker MD5 hashes.
uTorrent’s Security Alert Issued Too Late
TheRealDeal Market vendor doubleflag confirmed that indeed the data was obtained during the first security breach which occurred in January 2016, according to TorrentFreak.
The ill-timed security alert from uTorrent has raised more than a few questions, however, seeing that it came six months after the initial breach, albeit some figures might be a tad off the mark.
Security site Haveibeenpwned also confirmed that the data breach responsible for the accounts on sale on TheRealDeal Market took place in January.
Amidst claims that uTorrent had no clue when the data leak occurred, it is worth mentioning that they did not indicate that the data leak had occurred in June.
The omission of the information concerning the exact timeline of the breach, however, remains a pertinent matter.
The Security Advisory
BitTorrent was only made aware of the security breach involving the vendor which powers its forums on June 6, months before the compromised information was put on sale on the dark web.
They explained that the breach could have stemmed from one of the vendor’s other clients and that it made their forum vulnerable and allowed hackers to access sensitive information from other accounts.
Following the breach, the hackers downloaded a list of its forum users which then posted for sale on TheRealDeal Market.
uTorrent claimed to have been taking emergency security measures where they made backend alterations that removed the vulnerability posed by hashes in the file.
Apparently, they were continuing to follow up on the matter to gauge the amount of information that was compromised.
In light of the events, they advised their forum users to consider changing their passwords entirely.
They went on to confirm that user accounts with hashed passwords had been considered compromised despite the fact that passwords are not liable to be used as attack vectors on the forum.
They touched on users who use similar passwords for different accounts saying that they were strongly advised to use new passwords as a measure of good personal security practices.
Effects of the Breach are Irreversible for Database on TheRealDeal Market
For the uTorrent users whose information is on sale on TheRealDeal Market, there is not much that can be done to reverse the damage of the data breach.
The best way forward according to security experts would be to ensure that the compromised password is not in use across other platforms and websites.
Despite the ill-timed nature of the security alert, one cannot fault their call to practice good personal security practices from here on out.
Latest posts by Richard (see all)
- Latest Tor Alpha Release Includes New Traffic Scheduler - October 21, 2017
- Top Darknet Markets Go Offline - October 16, 2017
- Data of Thousands of Indian Firms being Offered on the Dark Web - October 11, 2017