Cyber Incident Victim: popular torrent tracker
Date: Dec 2017
Location: Denmark
Summary
A popular Danish torrent tracker shut down following a hack in which an attacker claiming affiliation with Anonymous breached its systems and promoted all users to staff before the site went offline. The operators initially dismissed the incident as minor interference from a rival tracker and denied database theft, but a partial leak of user credentials and IP addresses quickly circulated, contradicting their claims. Subsequently, over 20GB of data including full user databases and site code was released, confirming the breach and exposing sensitive user information due to inadequate server security. The operators later admitted security failures and permanently closed the platform, redirecting users to a replacement site which also suffered a breach and shutdown shortly thereafter. The incident raised concerns among users about potential targeting by anti-piracy groups due to exposed IP logs.
Description
On December 27, 2017, the Danish private torrent tracker Hounddawgs.org experienced a security breach impacting its 40,000 users. An entity identifying as 'Anonymous' compromised the site, promoting all users to 'staff' status before the platform went offline. Initial operator communications attributed the disruption to "server maintenance," blaming rival Danish torrent site operators described as "kiddies" for "messing around" without causing significant harm. However, a partially redacted file containing usernames, email addresses, and IP addresses began circulating shortly thereafter, contradicting these claims. Users reported unauthorized access to other accounts where they had reused credentials, escalating concerns about data exposure. Hounddawgs administrators denied a full database breach but announced an indefinite shutdown, citing persistent conflicts with competing trackers that opposed their operations as a counter-movement to existing Danish torrent communities.

The situation escalated when the attacker released approximately 20 gigabytes of data purported to contain Hounddawgs' complete database and source code, directly contradicting operator assurances that no such breach had occurred. The leak exposed vulnerabilities in the site's Gazelle-based infrastructure, which inherently logged user IP addresses—data now publicly accessible. Faced with evidence of the breach, operators acknowledged security failures, apologizing for delayed precautions while maintaining their closure decision was motivated by user protection. The incident raised concerns among users about potential anti-piracy actions by Denmark's RettighedsAlliancen, though no immediate enforcement was confirmed. Following the shutdown, operators redirected users to a new tracker called iNFiNiTY-T, which subsequently suffered its own breach and closure by January 10, 2018, compounding the disruption to Denmark's torrent community.
