Cyber Incident Victim: Hounddawgs
Date:
Dec 2017
Location:
Denmark
Summary
A Danish torrent tracker experienced a breach where a hacker claiming affiliation with 'Anonymous' compromised the site, promoting all users to staff before it went offline. Initially, operators dismissed the incident as minor interference from a rival tracker and denied database exposure, but a partial leak of usernames, emails, and IP addresses circulated, leading to reports of compromised external accounts. After indefinite shutdown announcements, the hacker released over 20GB of data—allegedly the full database and site code—contradicting operator claims and exposing minimal server security. The operators later acknowledged unresolved security flaws and apologized for delayed precautions, while user data logged via the Gazelle script raised concerns about potential identification by anti-piracy groups. A successor tracker recommended by the operators was subsequently hacked and shut down.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late December 2017, the Danish private torrent tracker Hounddawgs.org experienced a disruptive security incident when an entity identifying as 'Anonymous' breached its systems. The attacker notified the site's 40,000 users via a message claiming responsibility for the hack and promoting all users to 'staff' status before the platform went offline. After a brief outage, Hounddawgs operators restored access with a notice attributing the disruption to server maintenance and accusing competitors from another Danish torrent site of "messing around" to sabotage their operations. The operators initially downplayed the severity, stating "no harm has been done" and that they were correcting technical errors. However, a partially redacted file containing usernames, email addresses, and IP addresses began circulating publicly shortly afterward, leading to reports of compromised user accounts on other platforms where identical credentials were reused. Despite mounting evidence of a breach, Hounddawgs staff continued to deny allegations of a full database compromise while simultaneously announcing the site would remain offline indefinitely, citing sustained hostility from rival trackers that forced them to cease operations permanently.
The situation escalated when the alleged hacker released approximately 20 gigabytes of data purported to contain Hounddawgs' complete database and source code, directly contradicting the operators' previous denials. This leak included detailed user activity logs recorded by the Gazelle tracker software, specifically IP addresses tied to torrenting activity. Faced with this evidence, Hounddawgs operators revised their position, acknowledging security deficiencies and apologizing for failing to address vulnerabilities that enabled the breach, stating they had closed the site "as a precaution, but unfortunately too late." The exposure of sensitive user data raised concerns among members about potential targeting by anti-piracy entities like Denmark's RettighedsAlliancen, though no immediate legal actions were confirmed. As part of their shutdown process, Hounddawgs had redirected users to a replacement tracker called iNFiNiTY-T, but this successor site suffered a similar compromise and ceased operations by January 10, 2018, compounding the disruption to the Danish torrent community. The incident highlighted operational vulnerabilities in private tracker infrastructure and the risks associated with centralized logging of user activity data.