OpenSubtitles discloses successful extortion attempt, data breach
Catalin Cimpanu January 19, 2022


OpenSubtitles, a website that provides free subtitles for movie fans, has disclosed today that it was hacked last year and subsequently paid a ransom to silence the hacker about the attack.

The company disclosed the incident today after a copy of the stolen files leaked online and was indexed by the HaveIBeenPwned website.

6.7 million users impacted

OpenSubtitles said the data of 6,783,158 users who registered on its site was stolen following the incident. Exposed information included email, username, and MD5 password hashes.

“The site was created in 2006 with little knowledge of security, so passwords were stored in md5() hashes without salt,” the site said today in a forum post detailing the incident.

This means that most of the passwords could be easily cracked to recover their plaintext. The site says it has updated its code and is now recommending that users change their passwords to avoid having their accounts hijacked.
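The weakness described above, and one way to retire such hashes, shown as an added example that is not OpenSubtitles' code: unsalted MD5 gives every account with the same password the same hash, while a salted scrypt record does not, and a legacy record can be replaced at the next successful login. The function names, the record format and the scrypt parameters are assumptions of this example; the page does not say which scheme the site moved to.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this example (about 16 MiB per hash).
N, R, P = 2**14, 8, 1


def legacy_md5(password):
    """Unsalted MD5, as in the forum post: equal passwords give equal hashes."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_scrypt(password, salt=None):
    """Salted, memory-hard record in the assumed form scrypt$<salt>$<key>."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return "scrypt$" + salt.hex() + "$" + key.hex()


def verify_and_upgrade(password, stored):
    """Return (ok, record_to_store); a legacy MD5 record is replaced on success."""
    if stored.startswith("scrypt$"):
        salt = bytes.fromhex(stored.split("$")[1])
        return hmac.compare_digest(hash_scrypt(password, salt), stored), stored
    if hmac.compare_digest(legacy_md5(password), stored):
        return True, hash_scrypt(password)  # fresh random salt per user
    return False, stored


def migrate_on_login(users, name, password):
    """Check a login against the table and persist the upgraded record."""
    ok, users[name] = verify_and_upgrade(password, users[name])
    return ok


if __name__ == "__main__":
    # Constructed user table: two accounts share one password.
    users = {"alice": legacy_md5("hunter2"), "bob": legacy_md5("hunter2")}
    print("MD5 records identical:", users["alice"] == users["bob"])
    for name in users:
        migrate_on_login(users, name, "hunter2")
    print("scrypt records identical:", users["alice"] == users["bob"])
```

Accounts that never log in again keep their MD5 record under this scheme, which is why a migration of this kind is usually paired with a forced password change.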

OpenSubtitles said that any user payment card information is safe, as it was stored outside its platform.

The site was hacked and extorted in August 2021. They paid.

Detailing the incident further, OpenSubtitles said the extortion attempt took place last August and blamed the incident on one of its admins, who used a weak password. More below:

In August 2021 we received a message on Telegram from a hacker, who showed us proof that he could gain access to the user table of opensubtitles.org, and downloaded a SQL dump from it.

He asked for a BTC ransom to not disclose this to the public and promise to delete the data.

We hardly agreed, because it was not a low amount of money. He explained to us how he could gain access, and helped us fix the error. On the technical side, he was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. This script allowed him to perform SQL injections and extract the data.

The OpenSubtitles website is one of the 5,000 most popular sites on the Internet, according to sources like Amazon’s Alexa traffic rank and the Tranco list.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.