The website TheTVDB.com by many media software is used to information about serials, is cracked. A hacker succeeded in 58.000 usernames and passwords.
Via a sql injection could the hacker, who Tweakers.net has tipped, usernames and passwords trick. The passwords were bad gehasht, the hacker: he succeeded easily in to the passwords of the administrators to crack, probably via rainbow tables.
In addition to the data of 58,000 registered users could get the hacker information about 8000 api users to harvest. The api TheTVDB.com is used by many mediacentersoftware, such as Sick Beard and XBMC, and for example, by the Dutch site Bierdopje.com. The website acts as a kind of wiki: everyone can information about tv-series to add and remove. The database of the site contains only information from users themselves on the site have registered, and not from users that are only using a program like Sick Beard or XBMC to connect.
Scott Zsori of TheTVDB.com says it all some time, to have been aware of the vulnerabilities, but the developers would be ‘too busy’ with a new version of the site to the existing version. Also, the existing code is very sloppy. Zsori now has a number of checks built-in to sql-injections should be avoided. Also, as a precaution, passwords of administrators changed.
He says he is ‘disappointed’ that Tweakers.net publish about the hack: “I think this is a negative effect on the htpc community.” TheTVDB.com is a volunteer project with limited manpower, do Zsori. “We only have two programmers who work on this project.” He is afraid that publicity about the hack can ensure that the site as a precaution, offline, until a new version is developed. That would be a couple of months can last.
Whether the site actually goes offline, is unclear. If that happens, some mediacentersoftware for example, do not automatically episodes of tv-series acquisition and meta-information about the series no longer be downloaded. not all software has support for alternative sources of information. The hacker who Tweakers.net example, has the website a week earlier at the height stated, but it was no action taken.
