Account data stolen in hack and ransomware attack OpenSubtitles.org

The account details and passwords of 6.7 million OpenSubtitles.org users were leaked in August 2021 after a hack and ransomware attack. Only now has the website told users this. The data has since been added to Have I Been Pwned.

In a forum post, the site’s admins explain that they were approached in August 2021 by a person who had access to user data. He asked for a penalty to remove the data and not to disclose it. The attacker had access to the credentials, email addresses, IP addresses, country of origin and decrypted passwords of a total of 6,783,158 accounts. Those credentials have been added to Have I Been Pwned’s password database.

The OpenSubtitles.org admins explain that the passwords were encrypted using md5 hashes with no salt, which made it easy to decrypt short passwords. The attacker gained access to the site through a poorly secured SuperAdmin account and an unsecured script. This allowed the attacker to perform SQL injections and steal the data.

According to the admins, they ‘barely’ complied with the ransomware demand, because the amount of money was too high. They do not explain exactly what that means. They do say that the attacker helped them make the site more secure by explaining where the vulnerability was. He also promised to delete the stolen data. The hard lesson that the admins have learned is that an attacker’s promises are worth nothing because he has made the passwords public after all.

According to the admins, the hacker has not been able to access users’ credit card details because they are stored externally. He did, however, gain access to accounts, especially those with short or bad passwords, because they are easy to decrypt. The site recommends changing the password. In addition, it has since improved security.