1337x Admin Ignores Account Hijacking Issue, Staff Leaves Torrent Portal

Drama in the pirating community as mods leave popular 1337x torrent portal and create their own clone.An unresolved security bug has forced a large part of the 1337x staff to leave the torrent portal and start their own website from scratch.

1337x is one of the biggest torrent portals on the Internet, being ranked #9 on TorrentFreak’s list of Top 10 torrent sites for 2015 and ~1,200 in Alexa’s traffic rankings.

It appears that, for the past few weeks, after the site went through a redesign, a security hole was opened on the portal, which the site’s owner did not want/could not fix,TorrentFreak reports.

1337x Admin Ignores Account Hijacking Issue, Staff Leaves Torrent Portal

Unfixed account hijacking issue forces moderators to leave

According to accounts from various 1337x moderators, an unconfirmed stored XSS (cross-site scripting) vulnerability exists in the portal’s comments system, one that allows attackers to take over the accounts of users who reply to a comment.

Attackers are using this technique to hijack accounts and then post various types of spam on the site, from comments to malicious torrents.

In the light of this situation, many members of the 1337x staff have reported the issue to the site’s owner, the only one with access to the portal’s source code.

Former staff starts new torrent sharing portal

After weeks during which no reply came, most site moderators and some users with admin privileges have left the site and started a new torrent portal from scratch.

Some of the moderators and admins were also in charge of some of the portals domains, such as 133x.com, 1337x.net, and 1337x.org, but not the original 1337x.to domain. Some of these domains are now dead, but 1337x.net redirects to the staff’s new website, the leetxtorrents.org domain.

After the runaway cast of 1337x admins left, the owner of the 1337x.to finally resurfaced and posted a message on the site, claiming there is no security hole: “An article appeared quoting 1337x as unsecure website. Rest assured 1337x is secure and actively developed website and its content moderated for user security. We are actually working on new features that will be available soon.”



About webimprint

Webimprints is the leading company which provides global information security services to the client around the World.
This entry was posted in Cyber Security, Software Testing company in Mexico, Vulnerabilidad and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s