The websites of the torrent clients Deluge and qBittorrent, as well as the torrent site SumoTorrent, have reportedly been compromised. Access to the stolen user information including emails and hashed passwords is being sold online.
Several torrent related websites have reportedly been compromised by hackers, exposing the personal details of thousands of members.
Among the targeted sites are the forums of torrent clients Deluge and qBitTorrent, of which the user databases appeared online several days ago.
Both forums have thousands of members, whose emails, hashed passwords and other information was posted on the website Databoss.io.
The same site also lists the user database of the torrent site SumoTorrent.sx, which was reportedly breached earlier.
TorrentFreak reached out to the Deluge team, who have taken down their site as a precaution. This means that the popular cross-platform torrent client can’t be downloaded at the moment.
The Databoss hacker(s) placed a hello.txt file on the site as proof for the breach, but it’s not clear how the site was compromised.
“We’re currently working with our hosting provider to identify and resolve the issue and we’ve taken down the site until that time,” the Deluge team informs TF.
In any case, for now Deluge advises its forum members to change their passwords at other services, if they used the same password more than once.
The qBitTorrent team informs TF that they are looking into the issue on their end. They have disabled the forums as a precaution and plan to release a detailed statement later on.
SumoTorrent, meanwhile, informs us that they are not aware of any breach, but they are investigating the claims.
The Databoss.io website is selling access to the hacked information, starting at $2 per day.
For now no plaintext passwords are available for the torrent related sites, although this may change in the near future. “The databases are in the process of being cracked to the highest percentage possible,” Databoss writes on RealityForum.
However, at the time of writing the website is inaccessible. Accordingto the person in charge, the site was pulled offline temporarily after an abuse complaint from the owner of another affected site, realforums.org.
Update: TorrentFreak has seen additional info suggesting that the SumoTorrent breach is real.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.