395,000 uTorrent Forum Accounts Put Up For Sale By Hackers

[Batu69]

In June, it was revealed that uTorrent's forums had been hacked, putting at risk the personal details of hundreds of thousands of users. Now it being reported that the database has been put up for sale on a darknet marketplace. The package is said to contain almost 395,000 accounts but data is cheap. The asking price? Just one bitcoin.

 

With more than 150 million users a month, uTorrent is by far the most popular torrent client in the West.

This popularity and the need for technical support means that parent company BitTorrent Inc. needs to maintain a community forum. With tens of thousands of visitors each day, it too is quite popular. However, it recently came to light that information the site held on its users was no longer secure.

 

In June, the uTorrent team issued a security alert which advised users to change their passwords. According to one of uTorrent’s vendors, a compromise of uTorrent’s database had occurred following a security issue elsewhere.

 

“The vulnerability appears to have been through one of the vendor’s other clients, however it allowed attackers to access some information on other accounts. As a result, attackers were able to download a list of our forum users,” uTorrent said at the time.

 

Since then things have gone pretty quiet but according to information just published, the problems might be about to get worse.

According to Hackread, the uTorrent database obtained during the breach has now gone up for sale on a darknet marketplace. Offered for sale by a user called “DoubleFlag”, it is said to contain emails and passwords from the forum.

 

“Out of a total of 394,769 accounts, some passwords are encrypted with Secure Hash Algorithm 1 (SHA-1) and some with the weak MD5 hashes,” the publication reports.

 

 

As can be seen from the screenshot above, the asking price is pretty low considering the number of accounts involved. The seller is asking just BTC 0.9580 ($602) for the data, which may (or may not) be an indication of its usefulness.

 

Another interesting detail coming out of this offer of sale is the claim from DoubleFlag that the data was obtained from uTorrent back in January. That’s a full six months in advance of the security alert from uTorrent.

 

The same January date is claimed by Haveibeenpwned.com, but that site states that ‘just’ 34,235 accounts have been compromised.

 

Article source

[steven36]

This is why i dont like joining forums anymore ..People  come on many forums and act like there some kind of professionals  I wonder how many used a real email that will link back too them every time some fourm gets hacked?  In all my years on the internet I never made a email were i used my real name  .  If you dont put the info out there too began with it dont exist. 

 

[daniel3x]

in the meantime...

 

Quote

Hello *********,

We have reason to believe that your eBay account has been used fraudulently without your permission. We’ve reset your eBay password. Any unauthorized activity, such as buying or selling, has been canceled and any associated fees have been credited to your account. Any listings that we removed are included toward the end of this email. We assure you that your financial information is securely stored on a server and cannot be seen by anyone.

 

Ebay hacked again... I think in more than 5/6 years i had to change my pass on ebay 4 or 5 times because they get hacked so many times.

[straycat19]

4 hours ago, daniel3x said:

in the meantime...

 

 

Ebay hacked again... I think in more than 5/6 years i had to change my pass on ebay 4 or 5 times because they get hacked so many times.

 

Really, you only change your password when they get hacked.  I change my password on all my real accounts every 90 days.  I always have even when the entity does not require it.  Failure to change your passwords can result in more problems that just having to change the password at their behest.  I keep the passwords in an encrypted database inside an encrypted folder and a verification text message is sent for both decryption attempts.  Pain in the butt, sure.  Safe, you betcha.

[steven36]

You can change you're password all you want . It dont do no good,  once they hack a site they got you're info  you know how  much they can steal in 90 days?  by the next time you change passwords  you could change it on the 90th day and the site get hacked on day one of you're cycle . Once a site has been breached if  you were in the line of fire  its too late.  That's a false sense of security thinking changing passwords before a site gets hacked will protect you,  because they hack the whole site and there going get you regardless if you're  one of the people they got..

 

I know someone who got hacked  before  and  it was way worse than them getting  you're email and password.  i dont even consider  these people selling info  on the darkweb very smart hackers . Just script kidde crap   I had one of my emails stole  from me back in the early 2000s they didn't get nothing because I never made a email with my real name .  A real hacker would drain you're banking account dry they would not bother with this dumb shit .

 

Now days they sell them on the darkweb  .They use to steal them and put them on bug me not site for free. I use to be a member at  one forum  and i looked at  bug me not  and seen some of the members names and passwords  for the same forum.

 

I logged into one of the filehost/cloud storage sites the other day, they told us to check the ips,  to make sure no one has been logging in to our account  mine was clear. i just used a throwaway email anyway for that one.

 

[DKT27]

Worry not for the hacks that were reported. Worry for the hacks that were not reported anywhere on the internet and such.