Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Welcome Guest!

Join us now to get access to all our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, and so, so much more. It's also quick and totally free, so what are you waiting for?


OpenSubtitles Hacked, 7 Million Subscribers’ Details Leaked Online


Recommended Posts

opensubtitlesnew.pngOpenSubtitles is one of the largest and most popular subtitle repositories on the Internet. Millions of subtitle files are downloaded every week in many languages, often to be paired with downloaded movies and TV shows.

The site was founded in 2006 by a Slovakian programmer who came up with the idea while drinking a few beers at a local pub. Following an announcement late yesterday, more beers might be needed to cope with an emerging crisis.

OpenSubtitles Hacked, Millions of Subscribers’ Details Exposed

In a post to the OpenSubtitles forum, site administrator ‘oss’ reveals that the site – which has millions of members – has been hacked. Apparently the development isn’t new either.

“In August 2021 we received message on Telegram from a hacker, who showed us proof that he could gain access to the user table of opensubtitles.org, and downloaded a SQL dump from it. He asked for a BTC ransom to not disclose this to public and promise to delete the data,” the post reads.

“We hardly agreed, because it was not low amount of money. He explained us how he could gain access, and helped us fix the error. On the technical side, he was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. This script allowed him to perform SQL injections and extract the data.”

Hacker Gained Access to All User Data

According to ‘oss’, the hacker gained access to email addresses, usernames and passwords, but promised that the data would be erased after the payment was made. That promise was not kept.

While no member data was leaked last August, on January 11, 2022, OpenSubtitles received new correspondence from a “collaborator of the original hacker” who made similar demands. Contacting the original hacker for help bore no fruit and on January 15 the site learned that the data had been leaked online the previous day.

Indeed, searches on data breach site Have I Been Pwned reveals that the database is now in the wild, containing all of the data mentioned by OpenSubtitles and more.

OpenSubtitles Hacked

“In August 2021, the subtitling website Open Subtitles suffered a data breach and subsequent ransom demand. The breach exposed almost 7M subscribers’ personal data including email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes,” the site reports.

Measures Taken By OpenSubtitles

OpenSubtitles describes the hack as a “hard lesson” and admits failings in its security. The platform has spent time and money securing the site and is requiring members to reset their passwords. However, for those who have had their data breached, it may already be too late to prevent damage.

The hacker has already had access to data for several months and now the breach is in the wild, problems could certainly escalate. Those with exceptionally strong passwords may be safer than those who chose an easy-to-guess option but according to OpenSubtitles, the former are in the minority.

Threats to OpenSubtitles Members

Perhaps the most immediate threat concerns users who used the same email address and password combination on other sites. With these in the wild, an attacker could breach third-party accounts so immediately changing these credentials should be a priority for those affected, perhaps with the use of a password manager service such as 1Password.

Another concern for OpenSubtitles users is that many are likely to be members of pirate sites. If they used the same credentials on those then that is clearly an issue but if the report from Have I Been Pwned is correct, their email addresses can now be matched with their IP addresses too.

Only time will tell if that will prove of interest to third parties but in privacy terms the situation is certainly not optimal. OpenSubtitles has been officially labeled as a pirate service in a number of regions and courts around the world including those in Australia, Greece, and Norway have ordered the platform to be blocked by ISPs.

Further information on the breach and actions to be taken can be found here

From: TF, for the latest news on copyright battles, piracy and more.

View the full article

Link to comment
Share on other sites

  • 3 months later...

Open Subtitles is one of the largest subtitle repositories in the world. It has more than 13 million registered users, and it is the base for popular streaming services like Popcorn Time and VLC. Yesterday, one of the OpenSubtitles administrators revealed that their servers were breached in 2014, and a hacker managed to steal the users’ information including names, email addresses and encrypted passwords. For more information,  Subtitles Love.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Our picks

    • Wait, Burning Man is going online-only? What does that even look like?
      You could have been forgiven for missing the announcement that actual physical Burning Man has been canceled for this year, if not next. Firstly, the nonprofit Burning Man organization, known affectionately to insiders as the Borg, posted it after 5 p.m. PT Friday. That, even in the COVID-19 era, is the traditional time to push out news when you don't want much media attention. 
      But secondly, you may have missed its cancellation because the Borg is being careful not to use the C-word. The announcement was neutrally titled "The Burning Man Multiverse in 2020." Even as it offers refunds to early ticket buyers, considers layoffs and other belt-tightening measures, and can't even commit to a physical event in 2021, the Borg is making lemonade by focusing on an online-only version of Black Rock City this coming August.    Read more...
      More about Burning Man, Tech, Web Culture, and Live EventsView the full article
      • 0 replies
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
    • Post in What Are You Listening To?
      Post in What Are You Listening To?
  • Create New...