Online video downloader exposes user data, including explicit content

A misconfiguration of Dirpy’s systems exposed users' IP addresses and revealed what they downloaded, which included explicit content.

On March 24th, the Cybernews research team discovered an open Kibana instance belonging to the online video downloader Dirpy. With its largest user bases in Japan and the US, Dirpy offers an online video downloading service that’s primarily used for YouTube and adult websites.

With many service providers out there, the legal status of such platforms remains a gray area. While it’s generally illegal to download videos from YouTube or other platforms without the permission of the copyright holder, it remains legal to download videos for personal, non-commercial use.

Despite the service's questionable legality, the demand for online video downloaders is huge. Dirpy’s platform alone gets twoi million monthly visitors, meaning that poor cybersecurity practices might affect a substantial amount of individuals.

The Cybernews research team identified that the Dirpy video downloader failed to properly set authentication on its Kibana, resulting in the leak of logs containing 15.7 million entries of private data.

The leaked data includes:

  • User IP addresses
  • Premium User account IDs
  • Activity logs with downloaded content, including explicit content
  • URLs of the requested content
  • User diagnostic information
Activity logs showing a user downloading explicit content
Activity logs showing a user downloading NSFW content

Kibana is an open-source data visualization tool for creating interactive dashboards. It offers powerful search and querying capabilities, supports real-time data monitoring, and generates reports.

These features of Kibana caused Dirpy’s user data to be leaked in real-time until the instance was closed. After the team contacted the company, access to the instance was secured. The research shows that Dirpy’s data was available from March 18th to April 24th, 2024.

Once a Kibana instance is exposed to the internet and not secured by authentication, it’s accessible to anyone, including threat actors, who can easily use the leaked data for malicious purposes.

Cybernews has contacted Dirpy for an official comment regarding the exposed instance, but no comment has yet been received.

Activity logs extended to show user IP and diagnostic information
Activity logs extended to show user IP and diagnostic information

Logs of explicit content downloads leaked

The leak is a significant cause for concern, as it exposed logs of downloaded videos, including users' IP addresses linked to the content they downloaded. A substantial portion of the downloaded content was from adult sites, revealing sensitive information about users, such as their sexual orientation, habits, and interests.

The impact of the leak is somewhat reduced because the free version of the service is available to anyone without the need to create an account. However, with or without the account, IP addresses have been exposed, posing a risk. IPs might be used to identify the users, along with the coarse and, in some cases, exact locations.

The current leak is a stark reminder of the importance of exercising caution when using online services. Every action on the internet leaves a trace. Using a VPN or secure proxy service is highly advisable, as it removes the tie between the network address and personally identifiable information.

Dirpy logs
Activity logs leaked by Dirpy

More from Cybernews:

LockBit says that it’s behind the London Drugs attack

OpenAI secures access to content from WSJ, The Times, and other media giants

CentroMed suffers data security incident, 400K patients exposed

Stock exchanges fined for failing to report cyber intrusion

US House bill moves to block export of AI models to China

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked