“Go Unlimited,” a specialized hosting service that completely ignores all incoming copyright infringement notices, has apparently been hacked by a competitor. Even worse, the user database has been stolen by the infiltrators. So passwords in plaintext form have been exfiltrated, and all videos have been removed from the platform.
Although the site is undergoing a restoration effort right now, its customers’ trust has certainly been irreversibly shaken. This is a service provider meant to support illegal pirate sites’ operations, so being hacked and having the information of your clients stolen isn’t resonating well with such a sensitive and vulnerable community.
At the time of the attack, the site went down completely, and rumors started to spread. A multitude of sources confirmed the hack which was supposedly a retaliation against Go Unlimited. Allegedly, it was the owner of Go Unlimited who launched a DDoS attack against a competitor first. The revenge did include DDoSing, but it wasn’t the main dish of the menu. Reportedly, the DDoS was to distract Go Unlimited and clear the way for a server hack, eventually resulting in database access and user information theft.
There are already screenshots of the database showing usernames and cleartext passwords circulating the net, and TorrentFreak has run some tests confirming that the information is valid. This means users should immediately change their passwords now, even if the hacker stated that they wouldn’t make the stolen data publicly available.
Their goals were to send a message to Go Unlimited and also to hold them for ransom. To return the 444 TB of videos wiped from the database, the hacker asks Go Unlimited to pay them 1 Bitcoin (about $11,350).
Go Unlimited attempted to ignore the demands and restored from backups yesterday, but the hackers managed to wipe it again. Apparently, the attacker planted rootkits onto the servers to ensure that cleaning the site and restoring everything wouldn’t be that simple.
The pirate site hosting service operator confirmed the attack and its aggressive nature but denied that their database was indeed compromised. Instead, they say that the competitors share screenshots showing fake information, contradicting TorrentFreak’s confirmation.