More details leaked from ACS: Law illegal file-sharing lists

28 Sep 2010

A further 8,000 UK Sky broadband users and 400 PlusNet appeared on leaked lists online, detailing their names, addresses, IP addresses and the music they allegedly downloaded illegally.

These come after a list of more than 5,000 people suspected of downloading pornographic movies illegally was leaked, coming from the legal firm ACS: Law, following a denial of service attack it experienced.

According to the BBC, the new lists also contain details of how much compensation infringers paid ACS: Law and internal case notes.

The UK Information Commissioner said the legal firm could be fined up to £500,000 for the breaches in privacy.

“The question we will be asking is how secure was this information and how it was so easily accessed from outside,” said Christopher Graham, UK Information Commissioner.

“We’ll be asking about the adequacy of encryption, the firewall, the training of staff and why that information was so public facing.

“The Information Commissioner has significant power to take action and I can levy fine of up to half a million pounds on companies that flout the (Data Protection Act),” he added.

ACS: Law’s website experienced denial of service attacks by users of message board 4chan, who are opposed to its anti-piracy aims. The initial list appeared online after this attack.

According to The Register, people involved said that the data was exposed on directories on ACS:Law’s homepage, a mistake it made while trying to bring the site back up after the DDoS attack, meaning that there was no ‘hacking’ involved in finding the lists.

The firm sends thousands of letters to alleged internet pirates, asking them to pay £500 per infringement or face court.

It uses third-party companies to search online for possible infringements of film and music copyright.

Once it has IP address of those who may have infringed copyright, its lawyers apply for a court order to get the physical address of the PC from the service provider whose network has been accused of file sharing.

It has been criticised in the past over claims that it has wrongly accused people of infringing copyright. Many also point out that IP addresses can be spoofed.

ACS: Law was one of the numerous entertainment-industry affiliated companies to receive such attacks from 4chan users.

The MPAA and RIAA were also attacked and brought offline, believed to have been done to oppose action taken against The Pirate Bay.