Despite the growing popularity of pirate streaming sites and services, classic file-sharing tools continue to have a smaller but dedicated audience.
This is true for BitTorrent as well as Usenet. In the latter category, NZBGeek is one of the largest players as it provides an indexing service that helps users to find content.
NZBGeek is a private community to which users can sign up without any charges. However, those who donate get some extra features that will help to sift through the more than 500,000 NZBs indexed by the site.
NZBGeek Hacked
The site generally operates smoothly but last week something changed. After initially becoming unreachable, the problem was initially clear but after a while, the operators put up a message stating that there were hosting related issues. Yesterday, however, things turned from bad to worse.
“It’s with a heavy heart that we must admit that we have had a breach,” the site informed its users. “If you have recently used your card or payment with us we suggest changing your credentials and card info as soon as possible.”
Database Compromised
According to the site’s operators, the hackers were able to put a keylogger on the site and also managed to get a copy of the database. The compromised data includes user emails and encrypted passwords.
“The hackers obtained a copy of our database which includes your username, encrypted password, email address & last connected ip address. During this time we had the hard drive on our indexer fail along with an api server.”
NZBgeek advises all users to change their passwords and do the same on all other accounts where a similar password is used. PayPal payment data should be safe as long as it uses a unique password. However, the site does recommend that users who paid at the site via credit card since 20th November to take appropriate action.
Javascript Keylogger
TorrentFreak spoke to NZBgeek admin Jeeves who clarifies that the site doesn’t store credit card details. That said, the hackers used an SQL-exploit to install a Javascript-based keylogger, which left users exposed.
The NZB indexer is still investigating the hack and aside from the API, all systems are still offline. If more information becomes available it will be shared with the community.
Needless to say, the breach has caused quite a bit of concern among users. Some fear that their download histories will be exposed, which would be a concern, especially since their IP-addresses and other information were also compromised.
“I am concerned as I don’t know if other data such as download history was accessed,” an NZBGeek user informed us, adding that it’s not clear why the site would need to store IP-addresses anyway.
Next Steps
While it’s understandable that users would like to have more information, it seems that NZBGeek is still figuring out the scope of the breach themselves.
A hack like this one is a major setback but it’s good to see that the operators are being transparent and open. Other sites may have simply tried to cover things up, leaving users even more exposed.
NZBGeek is still figuring out what steps to take next but they tell us that more information on that will be made public in the future.
“We are taking massive steps, with the help of many community members around the world who are experts in various forms of cybersecurity. I am happy to provide those details as these are vetted and finalized,” NZBgeek informs us.
—
Update: NZBGeek informed us that download histories were stored on a separate server that had a disk fail last week, but it’s not clear if this was compromised. The site stores users’ most recent IP-addresses in order to combat abuse.