
Letitbit Premium Passwords

“All I want to say is that they don’t really care about us”

I rarely quote Michael Jackson, but this time I couldn’t help myself: Letitbit.net really does not care about us, since it places our premium password right in the URL to the file as clear text!

Now, let me show you how they’re doing that and how mean people steal premium passwords from us like candy from a child.

Normally, links to files hosted on letitbit.net look like this: http://letitbit.net/download/9739.95000131d19e87b1d50d8ca981/VLC_Media_Player_1.0.5.zip.html.

If you decide to use your premium account to download the file, you’ll notice there is only one field required: the premium password field, which is sent to you via e-mail when you purchase it.

[Image: Letitbit.net password prompt]

As soon as you enter your password, Letitbit.net sends you to a page where it displays a few direct links to the servers that host the actual files. These links look like this: http://78.140.160.140/downloadp8/aa7db297039_XXXXXXXXXXXX/634270/letitbit.net/VLC-Media-Player-0.9.6.rar (I replaced the real password with a bunch of X’s, for obvious reasons).

[Image: the premium password in the direct download link]

It’s right there, in the URL! (albeit I purposefully blurred it). Neat, huh? Well, not really, especially if you’ve paid money for that password!

Obviously, you can’t give that link to anyone, because they’ll know your password. Maybe that was the intent, but the side-effect is disastrous! Most people don’t read long URLs, so they just copy the link and paste it in chats, forums, blogs, etc. Even if they read it, there’s a chance they wouldn’t recognize their password among so many hashes that look like randomly generated characters. Try this Google link to see how many people have shared their premium password with the world!

[Image: Google search results showing Letitbit premium passwords. Help yourself, boys!]

I’ve actually spent a few minutes and tested some passwords, just to see if this theory works. It turns out that most Letitbit passwords on Google have expired or have been removed. Phew!… But here’s a list of expired passwords, which proves that the developers at Letitbit need a good tutorial on security, since these passwords were once valid and could have been easily stolen by a third party:

And the list goes on. If the query includes the IP of the host server, you’ll get even more relevant results, since the IP address is only displayed along with the premium password.

Now, they also display a generated password in the case of free downloads. It looks like “LJXXXXXXXXXX” or something similar (it’s generated, after all). This lame attempt would make premium password searching a bit more difficult if they didn’t have different links for premium downloads and for free downloads! The premium download links have the word “downloadpN” in them (where N is some integer), while the free download links have the word “downloadN” (i.e. the free download links miss the letter “p”; guess what it stands for!). I don’t know who thought this was a good idea, but he or she had one too many drinks that day.

So, just when you think things couldn’t get worse, you start seeing links such as this one: http://r76.vip-file.com/downloadp/7204.7482e6bfc34d5a1c9352497097_vm111977l95/19640/vip-file.com/vty_0260.iso. Notice anything suspicious about it?

The file sharing service vip-file.com is using the same backend as letitbit.net! Aha! A clue, Sherlock!

But who owns vip-file.com? SamSpade’s whois says “GoDaddy”; RIPE says the IP (78.140.145.124) belongs to WEBAZILLA B.V.

Just for kicks and giggles, let’s do the same for letitbit.net: SamSpade’s whois says “GoDaddy”; RIPE says the IP (78.108.180.168) belongs to… *wait for it…* WEBAZILLA B.V.!

Apparently, they like GoDaddy and they are (or they like) WEBAZILLA B.V.

Now that you want to believe, you are prepared to see the following list of file sharing services that they own (I’m going to assume it’s WebaZilla):
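The link layout described above (a `downloadpN` path segment followed by a `<hash>_<password>` token, with free links using `downloadN` instead) is enough to build a defensive check: scan text you are about to post or archive, flag any letitbit-style premium link, and mask the password before it goes anywhere. This is an added example written for this post, not code from Letitbit or any of the sites named here; the chat export and the passwords `EXAMPLEPASS1`/`EXAMPLEPASS2` in it are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit
# Path layout from the post: /downloadp<N>/<hash>_<premium password>/<id>/<site>/<file>
# Free links use /download<N>/ (no "p") with a generated token, so only "downloadp" is flagged.
PREMIUM_SEGMENT = re.compile(r"^downloadp\d*$")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def _token_index(segments):
    """Index of the <hash>_<password> segment that follows a downloadp<N> segment, or -1."""
    for i, seg in enumerate(segments[:-1]):
        if PREMIUM_SEGMENT.match(seg) and "_" in segments[i + 1]:
            return i + 1
    return -1

def find_premium_password(url):
    """Return the premium password a letitbit-style direct link carries, or None."""
    segments = urlsplit(url).path.split("/")
    i = _token_index(segments)
    return None if i < 0 else segments[i].split("_", 1)[1]

def redact_premium_link(url, mask="REDACTED"):
    """Mask the password part of the token so the link can be logged or shared for inspection."""
    parts = urlsplit(url)
    segments = parts.path.split("/")
    i = _token_index(segments)
    if i < 0:
        return url
    segments[i] = segments[i].split("_", 1)[0] + "_" + mask
    return urlunsplit(parts._replace(path="/".join(segments)))

def scan_text(text):
    """Find every leaking link in free text (chat export, forum post) and pair it with its redacted form."""
    hits = []
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;!?)")  # trailing punctuation is not part of the URL
        if find_premium_password(url) is not None:
            hits.append((url, redact_premium_link(url)))
    return hits

# Constructed sample chat export; the passwords EXAMPLEPASS1/2 are made up for this demo.
SAMPLE_CHAT = """\
[12:01] alice: grab it here http://78.140.160.140/downloadp8/aa7db297039_EXAMPLEPASS1/634270/letitbit.net/VLC-Media-Player-0.9.6.rar
[12:02] bob: free one: http://78.140.160.140/download3/aa7db297039_LJ0123456789/634270/letitbit.net/VLC-Media-Player-0.9.6.rar
[12:03] carol: landing page http://letitbit.net/download/9739.95000131d19e87b1d50d8ca981/VLC_Media_Player_1.0.5.zip.html
[12:04] dave: vip-file too: http://r76.vip-file.com/downloadp/7204.abc123_EXAMPLEPASS2/19640/vip-file.com/vty_0260.iso!
"""

if __name__ == "__main__":
    for original, redacted in scan_text(SAMPLE_CHAT):
        print("LEAK:", original, "->", redacted)
```

Only the two premium links are reported; the free link and the landing page pass through untouched.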
letitbit.net
vip-file.com
up-file.com
shareflare.net
sharingmatrix.com
anyfiles.net
It would be somewhat OK if they were aliases of the same service, but it turns out that the owners intentionally made these sites look different to attract more naive users. I don’t blame them (too much), but, unfortunately, they’re all willing to share your premium password with the world! It just happens that anyfiles.net and sharingmatrix.com never caught on (thus no premium links on Google).

But wait! The service up-file.com takes this idiocracy one step further! It also displays the time when the premium password was bought, if the password has expired. So now everyone can find out an additional piece of information about that account. I’m thinking that at this point we should thank them for not displaying the credit card number too.

[Image: up-file.com showing the purchase date of an expired premium password]

It seems up-file.com has been closed indefinitely, according to the main page of that site, so I officially declare this event a “great success!” (I wonder if Borat is secretly behind this whole file sharing conspiracy?)

However, letitbit.net is still alive and kicking, and I would love to see this issue fixed as soon as possible. Until then, I’m staying away from Letitbit.net.