Security Experts:

Data of 7 Million OpenSubtitles Users Leaked After Hack Despite Site Paying Ransom

OpenSubtitles Hack Shows Why Paying Ransom Offers No Guarantees 

Popular subtitles website OpenSubtitles on Tuesday admitted that its systems had been hacked after the details of nearly seven million user accounts were leaked, despite the site allegedly paying a ransom to avoid this situation.

Law enforcement and cybersecurity professionals have often advised against paying a ransom to cybercriminals as it encourages them to continue their malicious activities, and there is no guarantee that the attacker will hold up their end of the bargain. The OpenSubtitles hack is a perfect example of this.

According to a forum post from OpenSubtitles’ administrator, the opensubtitles.org website was hacked by someone in August 2021. The attacker had exploited a series of vulnerabilities to obtain user data and then asked for an undisclosed amount of bitcoin in exchange for not making the hack public and deleting the data.

“We hardly agreed, because it was not low amount of money,” the OpenSubtitles admin said. “He explained us how he could gain access, and helped us fix the error. On the technical side, he was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. This script allowed him to perform SQL injections and extract the data.”

The admin added, “He gained access to all users data - email, username, password...He promised the data would be erased and he would help us secure the site after the payment.”

While the ransom was allegedly paid, the data obtained as a result of the hack has recently surfaced online.

The Have I Been Pwned breach notification service has identified more than 6.7 million user records, including username, email, IP address, country, and unsalted MD5 password hash.

OpenSubtitles hack

OpenSubtitles users have been advised to change their password. The site claims to have implemented various security improvements on opensubtitles.org in response to the incident, and noted that its new site, opensubtitles.com, was built with better security from the start.

Nevertheless, users have been advised to change their password on both the new and old websites, as well as on the OpenSubtitles forum.

Related: Personal Information Compromised in Goodwill Website Hack

Related: Ransomware Operators Leak Data Stolen From Wind Turbine Giant Vestas

Related: 773 Million Records Amassed in Massive Data Breach Collection

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.