"World in HD" torrent community leaks user data

A significant security incident has impacted a a private French torrent community, World in HD (WiHD). The organization inadvertently left its vast user database unsecured and accessible on the internet.

Torrent services facilitate the sharing of large files across the internet. Although torrents themselves are not inherently illegal, they are frequently utilized for distributing pirated material—everything from films and television shows to music, video games, and cracked software. The exposure of personal data in this context not only compromises privacy but could also subject users to legal action for their online activities.

A misconfigured Elasticsearch server was the point of vulnerability. The exposed database was found to contain a range of sensitive details, including:

• user emails,
• IP addresses,
• specifics of the service usage,
• usernames,
• encrypted passwords.

This breach affected not just regular forum members but also the site's administrators, with the personal data of nearly 100,000 individuals becoming vulnerable.

Membership to WiHD is reputedly challenging to obtain, with some reports of invites being sold for substantial sums. There is no clarity on whether any malicious parties or law enforcement agencies had discovered the database. It also remains uncertain whether WiHD was aware of the breach before the report and if they have since secured the database.