Torrent users watch out, another popular torrent site has fallen victim to a simple breach which has now left over 190,000 users details leaked. The attack comes from a hacker who goes by the name Nairb who has been around for some time now leaking data frequently. The torrent site that has been breached is AhaShare (https://www.ahashare.com/) and the breach has left its complete database for torrents and users leaked. The leak was first announced today by Nairb who posted it from there twitter account @SQLiNairb with a link to pastebay. > #dump #sqli #yums @HackRead @Cyber_War_News @torrentfreak @TheHackersNews #lulz https://t.co/H4VE16ZKM1 — nairb (@SQLiNairb) October 4, 2013
The pastebay post contained a link to a 560mb file hosted on MEGA and when extracted turned out to be 2.68GB raw SQL extraction from the database named ahadb_db. The file didn't really contain anything of interest besides it shows a list of affiliates user names and IP addresses used by them affiliates on last login. Shortly after that Nairb also tipped me off to a further leak which was also posted to pastebay and MEGA and this time was a 32mb zip file containing the user databases. The dump folder contains 3 other folders which are individual database extractions including the main MySQL database which holds server/admin credentials. The users details contain user names, email addresses, IP Addresses, secret questions and answers as well as other site related information. Passwords appear to be encrypted. The forums users xls contains just over 2000 entry's and shares similar format as the main users files. So yet again another torrent site and its users are breached, leaked and proven to be insecure to simple attacks like SQL injection.