Over 10m Marijuana Site Chat Messages Leaked Online
I have information on two different breaches to share today. Coincidentally they both involve sites that show videos to their user base.
The first has to do with TheTreesNetwork.com, a marijuana-enthusiast site where people are invited to casually gather and chat while watching videos that appeal to that target demographic. Personally, I have no feelings one way or the other regarding marijuana usage. But I do have a soft spot in my privacy-loving heart for people who may be saying incriminating things in an online chat without knowing that logs are being kept and their identities could be easily compromised by a breach.
On May 8th, I notified the site of their unprotected MongoDB database in an unusual, but certainly effective way. After joining the chat, I wrote “What would you do if I had proof that this site is leaking user details?” The response from the crowd was basically, “Prove it.” So I did, by posting an Imgur.com link to an image showing an overview of the database (but not the specific IP address or any user details).
An admin was very quick to respond, as I expected. He (or possibly she) fixed the problem in mere minutes. It may have been the world’s fastest incident response.
As you can see in the first screenshot above this post, the unprotected Trees Network database contained over 10 million chat messages coming from over 44,000 users. I’m willing to bet that some of those chats would qualify as self-incriminating.
If anyone had admitted to criminal activity in one of those chat messages, then that person might be alarmed to learn that The Trees Network also keeps logs of its users’ IP addresses (see the second screenshot above). So, even if you are chatting under a pseudonym, all it would take is a subpoena to your internet service provider to find out who you are (assuming that a proxy or VPN is not being used).
The passwords found in the database were obscured using a strong hashing method (bcrypt). So, while it would be a good idea for users of the site to change their passwords, it wouldn’t be trivial for a malicious actor to break them.
The lesson to learn here is to always be careful about what you say online. You never know when it might come back to haunt you.
I believe the second data breach that I’m mentioning today involves the site Telly.com. However, I can’t be absolutely certain about that because they won’t answer my emails, they haven’t responded to Twitter messaging, and their DMCA phone line gives me a busy signal. It’s ridiculous.
I’ve been trying to alert them that they may be leaking account details of over 14 million users. Telly.com seems to be a primarily Arabic site, but plenty of it is in English, so I was hoping we could communicate. If you speak their native language, perhaps you could ask them to contact me at firstname.lastname@example.org so we can discuss the potential breach. As you can see in the third screenshot above this post, it could be a fairly serious one.
Attention - Portions of this article may be used for publication if properly referenced and credit is given to Kromtech Security Center.