
SANS ISC: Pirate Bay account database compromised - SANS Internet Storm Center SANS ISC InfoSec Forums

Pirate Bay account database compromised

Juha-Matti was the first to write in with this article from Brian Krebs.  The article explains how the Pirate Bay user database was compromised via SQL injection.

Of course, I am sure that none of our readers would have an account at the Pirate Bay except for the rare "I'm doing security research" purpose only.  But you may want to drop a helpful hint to your "friends". 

-Kyle Haugsness


112 Posts
Jul 8th 2010
I've been going around websites where I remember creating an account, and doing an 'audit' of what data I had stored there. I'm deleting any data they don't need about me, reviewing what privacy controls they have, and in some cases deleting my account there. I'm also resetting passwords to ensure they're unique per-site and making a note of where, and when, I set the password.

Unfortunately I'd forgotten about The Pirate Bay, where I once (legally!) posted a friend's music album some time ago. My account activation email tells me what password I used when signing up there so I can try to make sure I'm not using that anywhere else.

The article claims that some 'MD5 hashing' was used on passwords, but that's relatively weak these days. A precomputed table of hashed passwords would allow the original password to be determined. Some sort of 'salt' concatenated or XOR'd with the password before hashing may have increased security in this case, but we don't know if that was done or not.
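The precomputed-table point raised in the comment above, as an added example that is not part of the original diary or comment: it compares bare MD5 with a per-user random salt, and goes one step beyond the comment by using a slow KDF (PBKDF2-HMAC-SHA256) instead of a single salted hash. The user names, passwords, candidate list and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny candidate list and two users sharing a password.
CANDIDATES = ["123456", "password", "letmein", "piratebay"]
USERS = {"alice": "letmein", "bob": "letmein"}
PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune to your own hardware


def md5_unsalted(password):
    """Weak scheme: a bare MD5 of the password, with no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def build_table(candidates):
    """Precomputed hash -> password table; built once, reusable on any unsalted dump."""
    return {md5_unsalted(p): p for p in candidates}


def hash_salted(password, salt=None):
    """Per-user random salt plus a slow KDF; returns (salt, digest) to store."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_salted(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_salted(password, salt)[1], expected)


def compare_schemes():
    table = build_table(CANDIDATES)
    unsalted = {u: md5_unsalted(p) for u, p in USERS.items()}
    salted = {u: hash_salted(p) for u, p in USERS.items()}
    return {
        # Any unsalted record whose password is in the table falls to a lookup.
        "recovered_unsalted": {u: table.get(h) for u, h in unsalted.items()},
        # Without a salt, identical passwords are visible as identical hashes.
        "unsalted_collide": unsalted["alice"] == unsalted["bob"],
        "salted_collide": salted["alice"][1] == salted["bob"][1],
        # A table built without the salt has no entry for a salted digest;
        # the work would have to be redone for every user's salt.
        "recovered_salted": {u: table.get(d.hex()) for u, (_, d) in salted.items()},
        "login_ok": verify_salted("letmein", *salted["alice"]),
    }
```
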
