Empornium, one of the leading private torrent trackers for adult content, says it believes a copyright troll gained access to a staff moderation account and is now using obtained data to threaten its users. The revelations may shine light on why some Empornium users have received settlement threats with no lawsuit filed and no notice from their ISPs.

During the past several years it’s become extremely common for copyright holders in the adult industry to target users of file-sharing networks in order to threaten them with litigation.

The way these users are contacted has remained constant in the vast majority of cases. Armed with a court order, copyright holders force ISPs to hand over the personal details of subscribers so they can be contacted directly for a cash settlement. However, it doesn’t always work that way.

Since mid 2013, mounting anecdotal evidence and reports have suggested that people uploading and sharing certain niche content may have had their true identities exposed via information they posted on the Internet rather than through John Doe lawsuits filed by a copyright holder.

In particular, users have reported receiving cash demands over niche adult material offered by a company called TaylorMadeClips (NSFW). As noted by DieTrollDie in a 2013 article, settlement demands like this (pdf) from TaylorMade lawfirm Borghese Legal have no official case associated with them.

Now, it could be that TaylorMade watermarks its clips and some of these letters are being sent to those who registered their personal details with the official site and later uploaded content elsewhere. However, private torrent site Empornium, one of the largest adult trackers around, believes it has an alternative explanation.

In a frank email exchange with TorrentFreak and subsequent announcement to its users, the operators of the site reveal that a staff account on its site has been compromised. The site was not hacked in any way but it appears a moderator account login details were obtained and subsequently used to cull private member data from the site.

“It was discovered that the user account of a regular (Mod) rank staff member has been accessed by someone other than the staff member in question. Once this was discovered, immediate steps were taken to prevent further access to sensitive information by this account,” the site said.

“By what we discovered of their activity and reports from users we believe that the unauthorized third party may have been affiliated with TaylorMadeClips and Borghese Legal, LTD. Their intentions appear to be to use information obtained to intimidate users into financial settlements through legal scare tactics. Specifically, users who have downloaded or seeded TaylorMadeClips torrents and are within US jurisdiction appear to be targeted.”

Empornium discovered the breach on Monday and immediately locked down the threat. However, sensitive information had already been obtained.

“The compromised account appears to have been primarily used to obtain the registered e-mail address for these users, and matched to the grabbed / snatched / peers lists of TaylorMadeClips torrents, to determine targets for threatening letters,” they add.

TorrentFreak asked Empornium how they came to the conclusions detailed above, this is what they said.

“We came to the conclusion on who was involved the simple way. We went back through what logs we still had (we keep very limited ones where possible for the simple reason if we are ever compromised we want as little hurtful info around as possible) and what accounts and torrents they pulled up info on,” Empornium told TF.

“Every one was [TaylorMadeClips] content and some of them we already have reports from users that they have received letters to their Empornium registration email address from Borghese Legal specifying those torrents. Many have also received a letter via snail mail. Those reports started around [now 48hrs to 72hrs] ago and alerted us that we may have a problem.”

How the third party (whoever that may turn out to be) obtained the login isn’t clear, but at this stage hacking is being ruled out.

“We know it wasn’t brute forced or similar as failed logins on staff accounts ring all sorts of very loud bells for us. We have had people attempt that attack vector more than once,” the site told TorrentFreak.

At this stage the most likely scenario is that the same user/pass combination could have been used on other sites but a computer compromise might also be possible. In any event, the site has identified the instances of unauthorized access and tracked them down to as-yet undisclosed locations in the United States.

While users of Empornium may be shocked and even disappointed that their information has been accessed in this way, it’s not only unusual but also a credit to the site that they have decided to be so open about the breach. It’s fair to say that many if not most sites would brush this kind of thing under the carpet.

TaylorMadeClips provides no contact information on its site and obscures its WHOIS information so could not immediately be reached for comment. TorrentFreak contacted Borghese Legal but at the time of publication we had not received a response.

Update: Statement from Mark Borghese, Borghese Legal, Ltd.

“My clients handle policing copyright infringement of their videos. My firm only gets involved later if they want to take some type of legal action. These are a small businesses and most of the time they do not want to go through the expense of hiring a lawyer,” Borghese told TF

“The statement from Empornium says that the site was not hacked. Apparently whatever the accused admin[mod] may have done was not done with the approval of the entire Empornium staff. Maybe there is a split among the Empornium admins regarding copyright infringement. It’s a bit of mixed message as the official Empornium statement recommends its users not commit copyright infringement.”