Dirpy’s Misconfiguration Exposes User Data: IP Addresses and Explicit Content Leaked

The Cybernews research team recently uncovered a major security breach at Dirpy, an online video downloader service. The team found an open Kibana instance belonging to Dirpy, exposing sensitive user data to potential threats. Dirpy, known for its video downloading service for YouTube and adult websites, failed to properly secure its system, leading to the leak of 15.7 million entries of private data.

The leaked data included user IP addresses, premium user account IDs, activity logs with downloaded content (including explicit material), URLs of requested content, and user diagnostic information. This breach raised concerns about user privacy and security, especially considering the nature of the downloaded content.

The exposed data was available from March 18th to April 24th, 2024, until the Cybernews team alerted Dirpy and access to the instance was secured. The leak highlighted the importance of proper cybersecurity measures and the potential risks of leaving systems vulnerable to unauthorized access.

Dirpy’s failure to secure its system serves as a reminder of the importance of safeguarding personal information online. The incident underscores the need for users to exercise caution when using online services and consider using VPNs or secure proxies to protect their data from potential breaches. Cybernews has reached out to Dirpy for an official comment on the breach but has not received a response yet.