7 million user details leaked after OpenSubtitles hack


One of the biggest sources of subtitles on the internet, OpenSubtitles, has been hacked.

The attack apparently happened back in August 2021, when the attackers were able to fetch the personal data of about 7 million of its subscribers. Such data includes usernames, passwords, emails, and even IP addresses.

For a quick background, OpenSubtitles was founded back in 2006 and stores millions of subtitle files for different movies and TV series in different languages.

OpenSubtitles only notified its users, on its own forum, on January 18, 2022. According to the administrator, they received a Telegram message from the hacker back in August 2021. The attacker showed proof of access to the user table of opensubtitles.org and had downloaded a SQL dump from it.

The hacker then asked for a ransom in BTC in exchange for not releasing the data to the public, and pledged to delete the data.

However, the attacker seemed like a good person, at least at the start. As per the admin, “We hardly agreed, because it was not low amount of money. He explained us how he could gain access, and helped us fix the error. On the technical side, he was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. This script allowed him to perform SQL injections and extract the data.”

Sadly, it looks like the promise was broken. By January 11, 2022, OpenSubtitles had received another message, this time from someone who is apparently a “collaborator of the original hacker” and who made similar demands.

The administrator tried to contact the original hacker but didn’t get a response. By January 15, they discovered that the data had already been leaked online.

OpenSubtitles takes responsibility by admitting its poor security and calls the hack a “hard lesson”. The website has apparently poured time and money into securing itself and is requiring its users to change their passwords.

However, since the attackers got hold of the data months earlier, the problems for affected accounts could grow.

Those most affected will possibly be users who use the same email and password…