OpenSubtitles hacked: data of 6.7 million users leaked

OpenSubtitles, a site that lists subtitles for films and series, announces that it has been hacked. The hack actually took place in August 2021, but the site is only revealing it today.

Significant hack of the OpenSubtitles site

On its forums, OpenSubtitles indicates that a hacker contacted him on Telegram in August 2021, showing that he was able to gain access to collect several pieces of information, including the database. He then demanded a ransom, threatening to make the information public. But in case of payment, he undertook to erase the data in his possession. The site agreed to pay.

How could the hacker infiltrate? He was able to crack a SuperAdmin’s low-security password and gained access to an insecure script, which was only available to SuperAdmins. This script allowed him to perform SQL injections and extract the data.

Upon arrival, the data of 6,783,158 registered OpenSubtitles users was retrieved and leaked onto the internet a few days ago. This includes email addresses, nicknames and passwords encoded with MD5. This means that most passwords could be easily cracked. The site says it has updated its infrastructure and now recommends users change their passwords to prevent their accounts from being hijacked.