It's one of the most popular streaming video sites on the Web. I've warned you about it before, but now we're seeing the consequences. Hackers can hit you through this site, and hit you hard. It's all thanks to the tactic the site uses to avoid being shut down by ISPs. It gives hackers a way onto your computer.
If you love free movies and don't mind pirated films, then you've probably heard of Popcorn Time. This relatively new site holds a collection of hundreds and hundreds pirated movies that you can stream to your TV for free.
But Popcorn Time's sketchy Web practices have left a big loophole in its coding, making it as easy as pie for hackers to break in to your computer.
In order to get around Internet Service Providers' (ISP) strict illegal content guidelines, the site connects directly to the CloudFlare network that hosts thousands of websites in addition to Popcorn Time. So if an ISP wanted to block or remove the site, it would need to shut down the entire CloudFlare network and the websites hosted on it.
So, hackers have uncovered this strange set of circumstances and worked to exploit them. They use a "man-in-the-middle" type attack to intercept the data sent from Popcorn Time to users and send infected data to the user instead of the video the user requested.
Once the hackers send the malicious data to the user and the user opens it, the hacker has complete control over the user's computer. They can access banking information, ISP address and account information, and whatever else they set their sights on.
The lack of CloudFlare security verification protocols coupled with Popcorn Time's overall poor security standards are to blame for this coding flaw. Security teams for Popcorn Time are working to repair this issue, but according to the site, it's not really concerned about this attack posing a serious threat to users.
A statement released on the Popcorn Time website says, "A man-in-the-middle type of attack is very unlikely to happen to anyone: a potential intruder would need to already be present in your network. This means that they would need to have access to your WiFi or your ethernet, or that they are your Internet Access Provider."
We'll keep you updated about this flaw and other important security breaches on our Happening Now page. But until a patch is released, just sit tight and stick to Netflix and other legal video streaming sites.