PTP Affected by Peer-Stealing!
Peer Leaking Attack
This morning PassThePopcorn suffered a peerleaking attack, similar to the one perpetuated against BTN earlier in the week. A malicious individual hacked into a user's account, then used that account to scrape peers from a few torrents. He then injected those stolen peers into a public swarm, in an effort to get our users targeted with DMCA letters. We have not received any reports of DMCA notices as of yet.
To be clear -- this was not an attack by a copyright agency, but by a degenerate individual attempting to harm our community. It was deliberate unprovoked sabotage.
The entire attack lasted less than three hours, but now we need to deal with the fallout. There will be some changes coming down the wire in the next few days to ensure such risks are mitigated in the future.
As a reminder, you are free to use a seedbox or a private (paid) VPN to download and seed. We just ask that you don't use open proxies or massively shared VPNs.
What do I do about it?
All users who were affected by this breech will receive a pm in the next few hours with detailed instructions about how best to proceed. If you do not receive a PM in the next 24 hours then you were not affected.
This attack would not have been possible had it not been for the hacked account the perpetrator got access to. We encourage all of our users to use a unique password -- one that they don't use on any other site. The password should be at least seven characters long, and contain uppercase, lowercase, numbers, and symbols. http://strongpasswordgenerator.com is a pretty easy way to generate unique passwords. There are also many password vaults like http://keepass.info/ available to assist you in storing unique passwords without having to remember them.
What are the staff doing about it?
Given the attack on BTN we had already started implementing new security measures before the attack hit. As of yesterday, accounts who upload .torrents containing their passkey to a public tracker (thereby exposing the ips of the private swarm) will automatically be banned. This inadvertently also caught up some users of privateinternetaccess vpn. If you use PIA make sure you download the full client and then enable port forwarding.
Going forward we will be instituting new security measures to identify peerleaking attacks such as the one that just occurred, and to automatically mitigate them. We will also be instituting a global password reset, to prevent malicious individuals from easily hacking accounts.
The PTP staff apologizes to anyone affected by this despicable act. It's a rather sad state of affairs when some trackers choose to actively sabotage other communities. Rest assured we will mitigate the underlying problems. The safety of our users is one of our highest priorities.