
Cyber Incident Victim: uTorrent Forum

Date: Jun 2016

Location: United States of America

Summary

Hackers compromised the forum of a popular data trading software provider, stealing over 34,000 user accounts containing usernames, email addresses, IP addresses, and salted SHA1 password hashes. The breach originated from a vulnerability in the IP.Board software used by the vendor managing the forum, exploited via another client, enabling unauthorized access to user data. The company acknowledged the security issue, initiated an investigation, and implemented backend changes so that the compromised hashes would no longer serve as a potential attack vector, while urging users to reset passwords reused across multiple platforms.


Description

On or around June 8, 2016, hackers compromised the user database of BitTorrent's official forum, stealing account information for approximately 34,000 users. Security researcher Troy Hunt obtained the dataset and uploaded it to his breach notification service Have I Been Pwned, while Motherboard journalists independently verified the data's authenticity. The stolen records included usernames, email addresses, IP addresses, and salted SHA1 password hashes. BitTorrent confirmed the breach through spokesperson Christian Averill, attributing it to a security vulnerability in their forum software vendor's systems. The vulnerability reportedly originated through one of the vendor's other clients, enabling attackers to access BitTorrent's forum user data. The forum operated on IP.Board software, which Hunt noted had been implicated in multiple prior breaches.

BitTorrent initiated an investigation to determine whether additional information beyond the user list was accessed. The company advised affected users to change their passwords, particularly if reused across multiple services. BitTorrent's vendor implemented backend changes such that the stolen password hashes reportedly do "not appear to be a usable attack vector," though the company did not clarify whether this involved password resets, account invalidations, or hashing algorithm upgrades. Security experts observed that salted SHA1 hashing is a relatively weak storage mechanism whose hashes could still be cracked despite the salting. The incident exemplified recurring patterns of PHP-based forum breaches involving inadequate password protection. No further technical details about the attack vector, perpetrator identity, or definitive scope beyond the 34,000 accounts were disclosed by BitTorrent at the time of reporting.
