An Argentinian hacker named Ch Russo claims that he, together with two associates, has found several SQL injection vulnerabilities in The Pirate Bay’s database, which granted him access to all user information, including user names and e-mails, on the site.
According to KrebsOnSecurity, who spoke with Ch Russo on the phone, the hackers did not modify the user data or give it away to a third party. They did, as they say, consider how much this info would be worth to various anti-piracy outfits such as the RIAA.
“Probably these groups would be very interested in this information, but we are not [trying] to sell it. Instead we wanted to tell people that their information may not be so well protected,” Ch Russo said.
It seems that the vulnerability has been at least partially patched, though, as Russo said the web site component that gives access to The Pirate Bay’s database has been removed. Furthermore, The Pirate Bay site is currently down, sporting the following message: “Upgrading some stuff, database is in use for backups, soon back again.. Btw, it’s nice weather outside I think.”
Although it’s been under the attack of the entertainment industry for years now, The Pirate Bay has somehow been able to survive to this day, even in the wake of some other major torrent trackers, such as Mininova, crumbling under the pressure (Mininova removed all torrents from its site and is now strictly hosting torrents which point to legal files.)
Security problems such as this one, however, might cause huge problems to the service if user information falls into the wrong (or right, depending on how you look at it) hands.
More About: piracy, privacy, riaa, the pirate bay
For more Tech coverage:
- Follow Mashable Tech on Twitter
- Become a Fan on Facebook
- Subscribe to the Tech channel
- Download our free apps for iPhone and iPad