Go Unlimited, a very popular “DMCA-ignored” hosting solution frequently used by pirate sites, was hacked yesterday. It appears that the site’s user database including plaintext passwords was compromised and all videos were removed. The site is doing its best to recover but the attacker, who acted on behalf of a competitor, says he has rootkits installed to do more damage if needed.
With millions of views per month, Go Unlimited is one of the most popular hosting services for pirate streaming sites.
Most video hosting services try to avoid a pirate stigma whenever they can, but that’s not the case for this one.
DMCA Ignored Hosting
The hosting service, which was founded by a Kuwaiti entrepreneur named Bader, launched in 2016 with the aim of being a ‘takedown resistant’ platform. The operator runs several video streaming sites including Fushaar.com and launched Go Unlimited due to a lack of stable video hosts.
As other sites were plagued by takedown requests from copyright holders he created his own to bypass this problem.
“Thanks to our techniques, by hiding the original source of the videos and misleading the networks providers, we were able to ignore the DMCA takedown requests,” Bader previously informed us.
Go Unlimited Was Hacked
At the time of writing, Go Unlimited has a much bigger problem than copyright holders. Yesterday afternoon the site went down and soon after several sources said that the site had been hacked.
We are generally very reserved in reporting on hacking claims, especially after the alleged hacker reached out directly. However, due to the size of the site and the seriousness of the information we received, this one was hard to ignore.
TorrentFreak spoke to the hacker who explained that Go Unlimited was targeted because Bader allegedly DDoSed a friend, who operates a competing site. To help out this friend the hacker decided to retaliate, starting with a massive DDoS attack yesterday.
This attack took out Go Unlimited for several hours. However, it was supposedly just a distraction for something bigger. While Go Unlimited was busy mitigating the DDoS attacks, the site’s servers were reportedly compromised and later wiped.
Usernames and Plaintext Passwords
The attacker shared several screenshots of the information he obtained, including a recent database copy. This includes usernames, plaintext passwords, emails, as well as payout details, including amounts.
All information appears to be legitimate. We ran some tests to confirm that the database screenshots indeed came from Go Unlimited, which passed. For example, when we shared the unique ID of a Go Unlimited file, the hacker could find the associated info within seconds.
Needless to say, Go Unlimited users should immediately change their passwords to prevent their accounts from being compromised. The hacker informs us that he doesn’t have any plans to share the user data in public, but that’s no guarantee.
All signs suggest that the goal of this attack is much more personal. It comes down to a feud between competitors that got out of hand. The hacker wasn’t willing to share the name of his friend’s site, but his demands to Bader are clear.
After the servers were compromised, the attacker copied all data and wiped the servers. Some data was later restored, presumably with dated backups. However, the hacker says he is willing to return all recent data, including 444 Terabytes of videos, in exchange for 1 Bitcoin.
The question remains whether paying up is the best option. After all, how do you know that you can trust that this will really resolve the problem?
After the servers were initially restored yesterday evening they were later wiped again. According to the information we received the attacker installed rootkits, which means that the servers could still be compromised at the time of writing.
Most of this information comes from a single source, which makes it a little one-sided. However, given the gravity of the allegations and the fact that others are picking them up too, we felt that it is our duty to share what information we have.
We also reached out to Go Unlimited which confirms that they were “attacked very aggressively.” Bader danies that the database was compromised, however, and suggests that the hacker is sharing fake information from the competitor’s database.
The information we have seen suggests that the hack appears to be legitimate, but if more information becomes available we will update this article accordingly.
Many thanks to TorrentFreak for the breaking news.