Hackers are taking credit for at least three breaches at anti-piracy firm MediaDefender. The newly revealed attacks threaten to turn what started as an embarrassing e-mail leak into a full-blown security meltdown for the company.

The revelations began Saturday, when more than 6,000 internal company e-mails were exposed in a 700-megabyte BitTorrent download. A note from the hackers that accompanied the download points to a MediaDefender employee's personal Gmail account as the source of the purloined mail, which covered six months of internal correspondence.

At least two more MediaDefender hacks have emerged since Saturday. In one, hackers obtained a copy of an internal company database identifying some of the decoy files the company has slipped onto peer-to-peer networks. In the other, intruders released a digital recording of a private phone call that appears to be a discussion between MediaDefender personnel and staff at the New York attorney general's office.

In that phone call, ironically, a man who seems to be a MediaDefender official is heard reassuring law enforcement agents that the company's systems are secure.

The stolen database may have been obtained after hackers noticed that the MediaDefender employee's e-mail contained the IP addresses of company servers, as well as server-login information and passwords.

MediaDefender is an anti-piracy company that works with the entertainment industry to thwart the trading of copyright content on file-sharing networks. The company scans the networks and notifies content owners when their material appears on download sites. MediaDefender also posts decoy movie and music files to make it difficult for users to distinguish real from fake content.

The first internal MediaDefender e-mail surfaced two months ago at a site called ZeroPaid. The message discussed a list of P2P download sites that MediaDefender was proposing (if the message is authentic) to monitor for Fox Studios.

MediaDefender, which did not respond to calls for comment, appears to have been aware of the leak at the time, because the company seems to have discussed it in the phone call with the New York attorney general's office that was posted online by the hackers this week.

According to the audio file of the phone conversation, the company was working under contract with the attorney general on a highly important and secretive global project to track child porn on file-sharing networks. The file appears to be a conversation between Ben Brodsky of MediaDefender and three investigators and analysts from the New York attorney general's office – among them Mike McCartney, a special investigator with the state's Criminal Prosecutions Bureau.

The call includes a discussion about the security of MediaDefender's server in light of the initial e-mail leak. An investigator says the attorney general's operation with MediaDefender is "extremely sensitive," and if the state is to rely on the company for criminal evidence related to child porn, it needs assurance that data on MediaDefender's servers isn't vulnerable to manipulation.

In the recording, the voice that appears to be Brodsky acknowledges that his company is "a major target of hackers," but assures the investigators that the company's server wasn't compromised and that the e-mail must have been intercepted in transit.

He also offers that if they want to be extra cautious, they could change the login and password for the data link they've set up between the two offices and communicate these login details only over the phone.

"The e-mail isn't really an issue as long as we don't really say anything particularly sensitive in the e-mails," he says in the call.

It's unclear how the conversation was recorded by the hackers, but a note from the person who posted the audio file on BitTorrent claims that intruders have been monitoring MediaDefender's phone system for nine months.

When asked to confirm whether the audio file of the phone call was authentic, a spokesman for the New York attorney general's office refused to comment.

Discussions on blogs have speculated how hackers obtained the e-mails from MediaDefender. A note from the hacker who posted them on BitTorrent thanked a MediaDefender employee named Jay Mairs for forwarding all of his company e-mail to his Gmail account.

One popular theory holds that Mairs probably used his Gmail login to sign up with one of the file-sharing services he was monitoring, and used the same password as on his Gmail account. Then, so goes the theory, someone with administrative access to the account traced his IP address to MediaDefender, and then either decided to log in and take a look at Mairs' e-mail or provided the login information to a hacker.

The blogger who first posted information about the e-mails being available for download at BitTorrent told Wired News that he learned about them when someone from a Swedish domain sent him an e-mail tipping him off.