Cloud-based video downloading service Dirpy has been found to leak sensitive data about its users, putting them at risk of all kinds of cyber attacks.
Cybersecurity researchers cyber news revealed how they found an open Kibana instance with 15.7 million private data entries at the end of March 2024. The data included IP addresses of people, account IDs of those with Premium user accounts, activity logs, including the videos that users downloaded, URLs of the requested files. content and user diagnostic information.
We don't know exactly how many people are affected by the leak, but we do know that the majority of Dirpy users are located in the United States and Japan.
Extort victims
cyber news determined that the Kibana instance belonged to Dirpy, an online tool that allows users to convert and download online videos, particularly from YouTube. Videos can be converted to different formats, including .MP3 (audio) and .MP4 (video). The researchers notified Dirpy of their findings, who shortly thereafter closed the database to the public. The private data was available for more than a month, between March 18 and April 24, 2024.
We don't know if any malicious third party found and downloaded the database before. cyber news' the team did it.
While downloading video content from these platforms without the explicit consent of the authors is illegal, cyber news emphasizes, taking it for personal, non-commercial use is legal.
That said, there are ways hackers could have used the database. Apart from the usual phishing, identity theft or social engineering attacks, attackers could, in theory, discover the identity of people who downloaded adult, pornographic or compromising content.
This information could then be used in extortion attacks, blackmailing people into giving away cryptocurrency in exchange for keeping the information private, as poorly protected databases are one of the most common causes of data breaches.