This top online video downloader is exposing user data — and trust us, you don't want some of this data exposed

Cloud-based video downloader service Dirpy has been discovered leaking delicate information on its customers, inserting them liable to all kinds of cyberattacks.

Cybersecurity researchers from Cybernews revealed how they discovered an open Kibana occasion with 15.7 million entries of personal information in late March 2024. The info included folks’s IP addresses, account IDs of these with Premium Consumer accounts, exercise logs, together with which movies the customers downloaded, URLs of the requested content material, and consumer diagnostic info.

We don’t know precisely how many individuals are affected by the leak, however we do know that almost all of Dirpy’s customers are primarily based within the US and Japan.

Extorting the victims

Cybernews decided that the Kibana occasion belonged to Dirpy, an internet software that enables customers to transform and obtain on-line movies, notably from YouTube. The movies might be transformed into completely different codecs, together with .MP3 (audio), and .MP4 (video). The researchers notified Dirpy of their findings who, quickly after, closed the database for the general public. The personal information was obtainable for greater than a month, between March 18 and April 24 2024.

We don’t know if any malicious third events discovered and downloaded the database earlier than Cybernews’ staff did.

Whereas downloading video content material from these platforms with out specific consent from the authors is illegitimate, Cybernews stresses, grabbing it for private, non-commercial use, is authorized.

That being stated, there are methods hackers might have used the database. Asides from the standard phishing, id theft, or social engineering assaults, the attackers might, in concept, uncover the id of the individuals who downloaded grownup, pornographic, or in any other case compromising content material.

This info might then be utilized in extortion assaults, blackmailing folks into freely giving cryptocurrency in alternate for holding the data personal, as poorly protected databases are one of the widespread causes of knowledge leaks.