The popular OpenSubtitles website, a site that provides free subtitles for movie lovers, revealed today that it was breached last year and paid a ransom to prevent the hacker from revealing the attack.
The company disclosed the incident today after a copy of the stolen files leaked onto the internet and was indexed by HaveIBeenPwned.
OpenSubtitles reported that the data of 6,783,158 users of its website was stolen. This data includes usernames and passwords, which were hashed with the MD5 algorithm.
"The site was created in 2006 with minimal security knowledge, so passwords were stored hashed with md5() without salt," the site said in a statement posted on the forum that describes the incident in detail.
This means that the passwords could be recovered from the leaked hashes. Anyone with an account should change their password immediately, and should also change it on any other service where the same password is used.
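For a site in this position, the stored MD5 digests can be hardened immediately, without knowing any password, by wrapping each digest in a salted, slow key-derivation function and then upgrading the record at the user's next successful login. The sketch below is an added example, not OpenSubtitles' code; the choice of PBKDF2-HMAC-SHA256, the iteration count, the record layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune to your hardware


def legacy_md5(password: str) -> str:
    """The weak 'before' scheme from the statement: unsalted md5()."""
    return hashlib.md5(password.encode()).hexdigest()


def _kdf(secret: bytes, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS).hex()


def wrap_legacy(md5_hex: str) -> dict:
    """Harden a stored MD5 digest at rest; the plaintext is not needed."""
    salt = os.urandom(16)  # per-user random salt
    return {"scheme": "pbkdf2(md5)", "salt": salt.hex(),
            "hash": _kdf(md5_hex.encode(), salt)}


def new_record(password: str) -> dict:
    """Target scheme: salted slow KDF applied directly to the password."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2", "salt": salt.hex(),
            "hash": _kdf(password.encode(), salt)}


def verify(password: str, rec: dict) -> bool:
    salt = bytes.fromhex(rec["salt"])
    if rec["scheme"] == "pbkdf2(md5)":
        secret = legacy_md5(password).encode()  # recompute the inner legacy digest
    else:
        secret = password.encode()
    return hmac.compare_digest(_kdf(secret, salt), rec["hash"])  # constant-time compare


def login(password: str, rec: dict):
    """Return (ok, record); a wrapped legacy record is upgraded on success."""
    if not verify(password, rec):
        return False, rec
    if rec["scheme"] == "pbkdf2(md5)":
        rec = new_record(password)  # drop the MD5 layer now that the plaintext is at hand
    return True, rec


if __name__ == "__main__":
    old = legacy_md5("password")  # constructed sample: same digest for every user with this password
    rec = wrap_legacy(old)
    print(old, rec["scheme"], login("password", rec)[1]["scheme"])
```

Once every row is wrapped, the bare MD5 column can be deleted, so a later copy of the user table no longer exposes unsalted digests.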
OpenSubtitles states that any payment card information is stored outside of its platform.
Analyzing the incident further, OpenSubtitles reported that the blackmail attempt took place last August. The reason for the breach was one of the administrators, who used a weak password.
"In August 2021 we received a message on Telegram from a hacker, who showed us that he could access the opensubtitles.org user table and download SQL.
"He demanded a ransom in BTC for not revealing it to the public and promised to delete the data.
"We hardly agreed, because the amount of money was high. He explained to us how he could gain access and helped us to correct the error. Technically, he was able to crack a SuperAdmin password and gain access to an insecure script, which was only available to SuperAdmin. This script allowed him to perform SQL injections and export the data."