Torrent Site: Copyright Troll Had Staff Access to Member Data
#1
[Image: badtroll.jpg]

During the past several years it’s become extremely common for copyright holders in the adult industry to target users of file-sharing networks in order to threaten them with litigation.

The way these users are contacted has remained constant in the vast majority of cases. Armed with a court order, copyright holders force ISPs to hand over the personal details of subscribers so they can be contacted directly for a cash settlement. However, it doesn’t always work that way.

Since mid 2013, mounting anecdotal evidence and reports have suggested that people uploading and sharing certain niche content may have had their true identities exposed via information they posted on the Internet rather than through John Doe lawsuits filed by a copyright holder.

In particular, users have reported receiving cash demands over niche adult material offered by a company called TaylorMadeClips (NSFW). As noted by DieTrollDie in a 2013 article, settlement demands like this (pdf) from TaylorMade lawfirm Borghese Legal have no official case associated with them.

Now, it could be that TaylorMade watermarks its clips and some of these letters are being sent to those who registered their personal details with the official site and later uploaded content elsewhere. However, private torrent site Empornium, one of the largest adult trackers around, believes it has an alternative explanation.

In a frank email exchange with TorrentFreak and subsequent announcement to its users, the operators of the site reveal that a staff account on its site has been compromised. The site was not hacked in any way but it appears a moderator account login details were obtained and subsequently used to cull private member data from the site.

“It was discovered that the user account of a regular (Mod) rank staff member has been accessed by someone other than the staff member in question. Once this was discovered, immediate steps were taken to prevent further access to sensitive information by this account,” the site said.

“By what we discovered of their activity and reports from users we believe that the unauthorized third party may have been affiliated with TaylorMadeClips and Borghese Legal, LTD. Their intentions appear to be to use information obtained to intimidate users into financial settlements through legal scare tactics. Specifically, users who have downloaded or seeded TaylorMadeClips torrents and are within US jurisdiction appear to be targeted.”

Empornium discovered the breach on Monday and immediately locked down the threat. However, sensitive information had already been obtained.

“The compromised account appears to have been primarily used to obtain the registered e-mail address for these users, and matched to the grabbed / snatched / peers lists of TaylorMadeClips torrents, to determine targets for threatening letters,” they add.

TorrentFreak asked Empornium how they came to the conclusions detailed above, this is what they said.

“We came to the conclusion on who was involved the simple way. We went back through what logs we still had (we keep very limited ones where possible for the simple reason if we are ever compromised we want as little hurtful info around as possible) and what accounts and torrents they pulled up info on,” Empornium told TF.

“Every one was [TaylorMadeClips] content and some of them we already have reports from users that they have received letters to their Empornium registration email address from Borghese Legal specifying those torrents. Many have also received a letter via snail mail. Those reports started around [now 48hrs to 72hrs] ago and alerted us that we may have a problem.”

How the third party (whoever that may turn out to be) obtained the login isn’t clear, but at this stage hacking is being ruled out.

“We know it wasn’t brute forced or similar as failed logins on staff accounts ring all sorts of very loud bells for us. We have had people attempt that attack vector more than once,” the site told TorrentFreak.

At this stage the most likely scenario is that the same user/pass combination could have been used on other sites but a computer compromise might also be possible. In any event, the site has identified the instances of unauthorized access and tracked them down to as-yet undisclosed locations in the United States.

While users of Empornium may be shocked and even disappointed that their information has been accessed in this way, it’s not only unusual but also a credit to the site that they have decided to be so open about the breach. It’s fair to say that many if not most sites would brush this kind of thing under the carpet.

TaylorMadeClips provides no contact information on its site and obscures its WHOIS information so could not immediately be reached for comment. TorrentFreak contacted Borghese Legal but at the time of publication we had not received a response.

Update: Statement from Mark Borghese, Borghese Legal, Ltd.

“My clients handle policing copyright infringement of their videos. My firm only gets involved later if they want to take some type of legal action. These are a small businesses and most of the time they do not want to go through the expense of hiring a lawyer,” Borghese told TF

“The statement from Empornium says that the site was not hacked. Apparently whatever the accused admin[mod] may have done was not done with the approval of the entire Empornium staff. Maybe there is a split among the Empornium admins regarding copyright infringement. It’s a bit of mixed message as the official Empornium statement recommends its users not commit copyright infringement.”

Originally Published: Wed, 11 Feb 2015 10:00:40 +0000
Reply
#2
I'm not on the site, but the staff member in question was m0ember, and also it's been closing down recruitment/invites in the wake of the breach.
Reply
#3
You should all assume that something like this could happen here/at any torrent site you register on/at any site you register on. You should all be using different usernames, passwords and email addresses on every such site, especially any sensitive sites. That's hard to manage, so you should all be using a password manager (keepass is a good open source solution).

We, and admins everywhere, do our best to protect our members but sometimes the worst happens. When it does, if you've failed to protect yourself that's on your head.

Learn from this.
Reply
#4
Exactly. Nothing beats a 32-character password everywhere, including here. And Correct Horse Battery Staple is no longer a viable option now.-_-
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Has anyone purchased traffic for their site? LadyAnn2 3 12,704 Sep 12, 2024, 00:09 am
Last Post: tearfulneedy
  Tbp i2p problem and most secure way to access tbp Verstaaa 12 2,494 May 01, 2024, 00:41 am
Last Post: deadorbit
  Is there a site for managing bulk downloads for a series with per-episode ratings? MaruTheAlmighty 0 908 Apr 30, 2024, 04:44 am
Last Post: MaruTheAlmighty
  It seems like every generation BEFORE the boomers had class Ladyanne3 7 1,828 Apr 21, 2024, 06:43 am
Last Post: Ladyanne3
  ExpressVPN had a flaw for years WW3hasstarted 20 4,938 Feb 18, 2024, 19:34 pm
Last Post: LZA



Users browsing this thread: 1 Guest(s)