OpenSubtitles Hack Shows Why Paying Ransom Offers No Guarantees
Popular subtitles website OpenSubtitles on Tuesday admitted that its systems had been hacked after the details of nearly seven million user accounts were leaked, despite the site allegedly paying a ransom to avoid this situation.
Law enforcement and cybersecurity professionals have often advised against paying a ransom to cybercriminals as it encourages them to continue their malicious activities, and there is no guarantee that the attacker will hold up their end of the bargain. The OpenSubtitles hack is a perfect example of this.
According to a forum post from OpenSubtitles’ administrator, the opensubtitles.org website was hacked by someone in August 2021. The attacker had exploited a series of vulnerabilities to obtain user data and then asked for an undisclosed amount of bitcoin in exchange for not making the hack public and deleting the data.
“We hardly agreed, because it was not low amount of money,” the OpenSubtitles admin said. “He explained us how he could gain access, and helped us fix the error. On the technical side, he was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. This script allowed him to perform SQL injections and extract the data.”
The admin added, “He gained access to all users data – email, username, password…He promised the data would be erased and he would help us secure the site after the payment.”
While the ransom was allegedly paid, the data obtained as a result of the hack has recently surfaced online.
The Have I Been Pwned breach notification service has identified more than 6.7 million user records, including username, email, IP address, country, and unsalted MD5 password hash.
OpenSubtitles users have been advised to change their password. The site claims to have implemented various security improvements on opensubtitles.org in response to the incident, and noted that its new site, opensubtitles.com, was built with better security from the start.
Nevertheless, users have been advised to change their password on both the new and old websites, as well as on the OpenSubtitles forum.
Related: Personal Information Compromised in Goodwill Website Hack
Related: Ransomware Operators Leak Data Stolen From Wind Turbine Giant Vestas
Related: 773 Million Records Amassed in Massive Data Breach Collection

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations
- Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
- OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers
- New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats
- Rheinmetall Says Military Business Not Impacted by Ransomware Attack
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
