10 Million Online Pirates Exposed By Data Leak

Tyler Cross
Tyler Cross Senior Writer
Tyler Cross Tyler Cross Senior Writer

Users of the online piracy website, Z-Library, had their data leaked by scammers.

Z-Library served as an extremely popular spot to download free academic papers and books, however, unknown to users, a team of scammers were collecting their data.

Over 10 million users had their usernames, email addresses, and passwords posted online for anyone to view. On top of that, users who connected their Bitcoin or Monero crypto wallets had them broadcast for the world to see. This is the largest data leak on digital pirates in history, surpassing the 2007 Pirate Bay breach.

Users also saw their country codes, comments, timestamps, invoices, and more posted online.

Hackers pulled off this large-scale phishing scheme by setting up a mock website of the original Z-Library. After an investigation, Z-Library’s website was taken down by Argentinian authorities, and its two creators were arrested.

Several scammers took advantage of this by creating a brand new Z-Library website, Z-lib[.]is, within a couple of days of the website going down. This website continued to operate like the original, even garnering a larger user base than the first Z-Library had. However, whenever a user downloads a file, it collects their personal data and sends it back to the scammers.

“The sheer amount of compromised accounts in this leak is almost unprecedented. It’s rare to find such malicious campaigns running for so long, so successfully, and attracting so many victims. The identified 10 million accounts likely exceed the number of accounts from the original Z-Library website before its takedown,” researchers who discovered the breach explain.

Researchers also confirmed that victims are already being spammed with malicious links and further phishing attempts. On top of opening up users to harassment from criminals, it could potentially open up some users to legal repercussions.

“This leak is extremely disturbing as it deanonymizes millions of crypto wallets and links related transactions to individuals who tried to access pirated content. Not only that compromises privacy, but also financial and personal safety,” explains the Cybernews research team.

About the Author
Tyler Cross
Tyler Cross
Senior Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends.

Leave a Comment