Pirates beware! The website “Mac-Torrents” which facilitated the piracy of products that run on Apple devices experienced a major security breach in October of 2015. Over 94,000 passwords, email addresses, and usernames were exposed, leaving users off the piracy website to be entirely vulnerable.
Users that have created accounts at the website and were using a password they use for their other accounts should definitely change their password in order to make sure that their account on those other websites is not compromised. Experts looking into the hack have determined that the security used by the website was very rudimentary at best. The passwords were using the hash MD5 check and were “unsalted”, which means that if the password could be easily looked up using basic hacker tools such as rainbow tables then their account was as good as gone.
For those who are unaware of what rainbow tables are, they are tables that are randomly generated that are used to get rid of cryptographic hash functions, such as the aforementioned MD5 hash. The tables have some genuine uses in the technology field, such as for the recovery of non-encrypted passwords that are a certain length and a certain amount of characters. They differ from brute forcing attacks in that they take much less time to execute but take much more storage space to do so. If the people behind Mac Torrents had used a derivation function that made use of more complex cryptography this could have been easily prevented.
Even for users that used secure passwords, the simple MD5 code meant that accounts could be accessed easily via brute force. For the uninitiated, brute forcing passwords is when a machine attempts to login to an account over and over until it succeeds.
It is incredibly bad for the creators of the Mac Torrent website to use such rudimentary encryption but it is also worthwhile to condemn the Anonymous group that hacked the password. This is not the first website they have hacked. Other websites that they have hacked and caused chaos on include Adobe, Ashley Madison, mate1, 000webhost, r2games, Heroes of Newerth, Snapchat, and Adultfriendfinder. In this context it is clear that the Anonymous group is quite the force to be reckoned for in the hacking world.
This isn’t the only security worry that has been plaguing Apple bittorrent users recently. Recently, the popular Mac BitTorrent client Transmission has been reported to be sending malware to over 6500 of it’s users. It is clear from these widespread security compromises concerning the usage of BitTorrents, it is very unsafe for pirates to continue pirating illegal software as sources are all out to make it unsafe for them. Similarly, it is a warning call to all website owners, even legitimate ones, that it is essential to use state of the art cryptography in order to protect their user accounts.