The popular OpenSubtitles website, a site that provides free subtitles for movie lovers, revealed today that it was breached last year and paid a ransom to prevent the hacker from revealing the attack.
The company today revealed the incident when a copy of the stolen files leaked leaked to the internet and was indexed by HaveIBeenPwned.
OpenSubtitles reported that the data of 6.783.158 users on its website was stolen. This data includes usernames and encrypted passwords, but which used the MD5 algorithm.
“The site was created in 2006 with minimal security knowledge, so passwords were stored with hashes md5() without salt,” the site says in a suspension in the forum that describes the incident in detail.
This means that passwords could be decrypted. So those who have accounts should change their password immediately, and if you use the same password in other services you should do the same.
OpenSubtitles states that any information from cards payments is stored outside of its platform.
Analyzing the incident further, OpenSubtitles reported that the blackmail attempt took place last August. The reason for the breach was one of the administrators, who used a weak password.
In August 2021 we received a message in the Telegram from a hacker, who showed us that he could access the opensubtitles.org user table and download SQL.
He demanded a ransom in BTC for not revealing it to the public and promised to delete the data.
We agreed with difficulty, because the amount of money was high. He explained to us how he was able to access it and helped us fix the error. Technically, he was able to hack a SuperAdmin's password and gain access to a non- safe script, το οποίο ήταν διαθέσιμο μόνο για τους SuperAdmin. Αυτό το script του επέτρεψε να πραγματοποιήσει SQL injections and extract the data.