WiHD leak exposes details of all torrent users

Updated on: 15 November 2023

Vilius Petkauskas
Deputy Editor

World-in-HD (WiHD), a French private video torrent community, left an open instance exposing the emails and passwords of all of its users and administrators.

WiHD, a popular torrent tracker specializing in HD movies, inadvertently exposed tens of thousands of its users, the Cybernews research team has recently discovered.

WiHD is a private tracker dedicated to distributing high-definition video content. Registered users can access French and English-language TV series, movies, animation, and other content.

Unlike public torrent trackers, private trackers are often invitation-only and supposedly maintain high standards for uploaded content. User forums lament the tracker’s exclusivity, with some selling invites to the website for over $100.

However, the Cybernews team discovered a publicly exposed Elasticsearch cluster on WiHD that lacked any password protection. ElasticSearch is a popular tool for managing large volumes of data.

What data was exposed?

According to the team, 97,327 accounts were exposed in the leak. Both WiHD's customers and its administrators had their accounts exposed over the publicly facing instance.

The leaked data includes:

User emails
IP addresses
Service info
Usernames
Hashed passwords for all torrent users

Exposing sensitive user data to anyone on the internet poses significant security risks, research claims. For example, malicious actors could collate IP addresses with email addresses to pinpoint user locations.

“Threat actors could engage in various illicit activities, such as tracking and identifying users for legal repercussions, launching targeted phishing attacks, or potentially exposing users’ downloading habits, raising privacy and legal concerns for affected individuals,” researchers said.

The likeliest reason for the exposed Elasticsearch instance is a misconfiguration. The team noted that WiHD eventually closed the exposed instance. However, attackers scouring the net could have easily downloaded the data for future use.