This top online video downloader is exposing user data — and trust us, you don’t want some of this data exposed

Video downloader found exposing people who downloaded adult content

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cloud-based video downloader service Dirpy has been found leaking sensitive data on its users, placing them at risk of all sorts of cyberattacks.

Cybersecurity researchers fromCybernewsrevealed how they found an open Kibana instance with 15.7 million entries of private data in late March 2024. The data included people’s IP addresses, account IDs of those with Premium User accounts, activity logs, including which videos the users downloaded, URLs of the requested content, and user diagnostic information.

We don’t know exactly how many people are affected by the leak, but we do know that the majority of Dirpy’s users are based in the US and Japan.

Extorting the victims

Cybernewsdetermined that the Kibana instance belonged to Dirpy, an online tool that allows users to convert and download online videos, particularly fromYouTube. The videos can be converted into different formats, including .MP3 (audio), and .MP4 (video). The researchers notified Dirpy of their findings who, soon after, closed the database for the public. The private data was available for more than a month, between March 18 and April 24 2024.

We don’t know if any malicious third parties found and downloaded the database beforeCybernews’ team did.

While downloading video content from these platforms without explicit consent from the authors is illegal,Cybernewsstresses, grabbing it for personal, non-commercial use, is legal.

That being said, there are ways hackers could have used the database. Asides from the usual phishing,identity theft, or social engineering attacks, the attackers could, in theory, discover the identity of the people who downloaded adult, pornographic, or otherwise compromising content.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

This information could then be used in extortion attacks, blackmailing people into giving away cryptocurrency in exchange for keeping the information private, as poorly protected databases are one of the most common causes of data leaks.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

GoPro Max 2 hit by further delays – 2025 is the earliest we’ll see the 360-degree action cam