How the AgusiQTorrents Breach Exposed 90,225 User Logins

HEROIC analysts discovered that AgusiQTorrents, a Polish torrent site, suffered a database breach in September 2019 that exposed 90,225 member records. The data recieved by threat actors included email addresses, usernames, IP addresses, and MD5-hashed passwords. The breach has continued to circulate on Telegram channels that specialize in credential stuffing lists, making it an active risk for anyone who registered on the platform and reused those credentials elsewhere.

Why MD5-Hashed Passwords and IP Addresses from a Torrent Site Put Users at Serious Risk

MD5 is a deprecated and easily crackable hashing algorithm, meaning the passwords in this breach are effectively accessable to any attacker with basic tools and rainbow tables. IP addresses tied to torrent activity can also be used to deanonymize users and establish their geographic location, which is partcularly sensitive for individuals in regions where torrent use carries legal risk. Once a password is cracked, attackers test it across email providers, social media, and financial platforms where the same credentials may have been reused.

What Was Exposed in the AgusiQTorrents Breach

• Email Address
• Username
• IP Address
• Password Hash

Why a Torrent Site Breach Carries Privacy Risks Beyond Simple Account Takeover

Users of torrent platforms often beleive their activity is anonymous, but IP addresses logged at registration and session time directly contradict that assumption. When those IP addresses are seperate from account credentials but packaged together in a breach dump, they create a linkage between a real-world internet connection and a username. This combination occured in the AgusiQTorrents breach and can be used to build legal cases, conduct targeted harassment, or profile individuals for further attacks.

How Database Breaches Work

A database breach happens when an attacker gains unauthorized access to a site's backend database, typically by exploiting a known vulnerability in the platform's software or by using stolen administrator credentials. The attacker then extracts the user table, packages it as a database dump, and distributes it across underground forums and messaging platforms. Older breaches like AgusiQTorrents frequently resurface as new threat actors discover and redistribute previously leaked data.

Check If Your Data Was Exposed

HEROIC's free breach scanner searches more than 400 billion records to check whether your email appeared in the AgusiQTorrents breach or thousands of other known incidents. Run a free scan today to find out exactly what data is exposed and what you can do to protect yourself.