Skip to content
Data breachResolved

6.6 million users exposed in data leak at YGG Torrent

In March 2026, a lone hacker known as Gr0lum fully compromised the French BitTorrent tracker YggTorrent, exfiltrating roughly 6.6 million user accounts plus emails, password hashes, IP addresses and 54,776 plaintext bank card records before the site shut down permanently.

Victim
YGG Torrent
records
6.6M

On 4 March 2026, YGG Torrent (YggTorrent) β€” long the largest French-language BitTorrent tracker β€” was completely compromised by a lone hacker using the pseudonym Gr0lum, in an operation dubbed "YggLeak." Over the course of a single night the attacker exfiltrated roughly 19 GB of internal data, wiped the four main production servers, and left the site displaying a "definitive closure" notice.

The intrusion did not require sophisticated tooling. According to the leak documentation, a SphinxQL search service was exposed on the internet without authentication, allowing local server files to be read β€” including a Windows file that stored an administrator password in plaintext. From that foothold the attacker pivoted across the infrastructure to reach the main tracker, forum, shop, and production databases.

The breach affected approximately 6,629,000 user accounts. Exposed data included:

  • Email addresses, usernames, password hashes, IP addresses and browsing history
  • Tracker, forum and WooCommerce shop databases (including 89,000+ orders)
  • The site's complete source code and server architecture
  • Internal financial records and administrator communications
  • A trove of 54,776 payment-card records (card numbers, CVV codes and expiry dates) that the operators had been silently capturing in plaintext via a script named Security.php

The leak also revealed that the supposedly volunteer-run platform was a commercial operation generating an estimated €5–8.5 million in 2024–2025 revenue, and that scripts were used to fingerprint visitors' crypto wallets (MetaMask, Phantom, Trust Wallet). Following the attack YggTorrent shut down permanently; the torrent catalogue was migrated by the attacker to a successor address, while millions of users were left exposed to credential and payment-card fraud.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-03-04-ygg-torrent
  2. journalducoin.comhttps://journalducoin.com/economie/yggtorrent-scandale-financier-fuite-donnees/
  3. kulturegeek.frhttps://kulturegeek.fr/news-348169/yggtorrent-ferme-portes-apres-enorme-piratage-yggleak
  4. clubic.comhttps://www.clubic.com/actualite-603118-fuite-yggtorrent-ce-que-contient-et-ne-contient-pas-l-archive-de-11-go-publiee-apres-la-chute-du-site.html

Related incidents