An Argentinian hacker has accessed the private information of four million users on torrent-sharing site The Pirate Bay, including display names, email and IP addresses.
The site, which is a hot-spot for trading torrents of illegally copied material, has now reportedly fixed the vulnerability responsible for the leak, and none of the information was release publically.
Former Washington Post security reporter Brian Krebs reported the breach on his own blog. The hacker, named as Ch Russo, was reported as saying a SQL Injection vulnerability allowed him and his team to access a user database.
Ch Russo and his team had the opportunity to change or delete any user information, although he maintains that none of this information was actually altered.
He did, however, consider selling the information to anti-piracy advocates, including the Recording Industry Association of America and the Motion Picture Association of America. Both groups have been at the forefront of the anti-piracy movement, and have attempted to shut down the Pirate Bay for hosting torrents of copyrighted files.
“Probably these groups would be very interested in this information, but we are not [trying] to sell it,” Russo told KrebsOnSecurity. “Instead we wanted to tell people that their information may not be so well protected.”
The leak comes after a tumultuous few years for The Pirate Bay. It has suffered a number of court battles, and its founders were even sentenced to jail early last year. However, the site continues to operate despite a number of court orders mandating it be shut down.