OpenSubtitles is one of the largest and most popular subtitle repositories on the Internet. Millions of subtitle files are downloaded every week in many languages, often to be paired with downloaded movies and TV shows.
The site was founded in 2006 by a Slovakian programmer who came up with the idea while drinking a few beers at a local pub. Following an announcement late yesterday, more beers might be needed to cope with an emerging crisis.
OpenSubtitles Hacked, Millions of Subscribers’ Details Exposed
In a post to the OpenSubtitles forum, site administrator ‘oss’ reveals that the site – which has millions of members – has been hacked. Apparently the development isn’t new either.
“In August 2021 we received message on Telegram from a hacker, who showed us proof that he could gain access to the user table of opensubtitles.org, and downloaded a SQL dump from it. He asked for a BTC ransom to not disclose this to public and promise to delete the data,” the post reads.
“We hardly agreed, because it was not low amount of money. He explained us how he could gain access, and helped us fix the error. On the technical side, he was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. This script allowed him to perform SQL injections and extract the data.”
Hacker Gained Access to All User Data
According to ‘oss’, the hacker gained access to email addresses, usernames and passwords, but promised that the data would be erased after the payment was made. That promise was not kept.
While no member data was leaked last August, on January 11, 2022, OpenSubtitles received new correspondence from a “collaborator of the original hacker” who made similar demands. Contacting the original hacker for help bore no fruit and on January 15 the site learned that the data had been leaked online the previous day.
Indeed, searches on data breach site Have I Been Pwned reveals that the database is now in the wild, containing all of the data mentioned by OpenSubtitles and more.
“In August 2021, the subtitling website Open Subtitles suffered a data breach and subsequent ransom demand. The breach exposed almost 7M subscribers’ personal data including email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes,” the site reports.
Measures Taken By OpenSubtitles
OpenSubtitles describes the hack as a “hard lesson” and admits failings in its security. The platform has spent time and money securing the site and is requiring members to reset their passwords. However, for those who have had their data breached, it may already be too late to prevent damage.
The hacker has already had access to data for several months and now the breach is in the wild, problems could certainly escalate. Those with exceptionally strong passwords may be safer than those who chose an easy-to-guess option but according to OpenSubtitles, the former are in the minority.
Threats to OpenSubtitles Members
Perhaps the most immediate threat concerns users who used the same email address and password combination on other sites. With these in the wild, an attacker could breach third-party accounts so immediately changing these credentials should be a priority for those affected, perhaps with the use of a password manager service such as 1Password.
Another concern for OpenSubtitles users is that many are likely to be members of pirate sites. If they used the same credentials on those then that is clearly an issue but if the report from Have I Been Pwned is correct, their email addresses can now be matched with their IP addresses too.
Only time will tell if that will prove of interest to third parties but in privacy terms the situation is certainly not optimal. OpenSubtitles has been officially labeled as a pirate service in a number of regions and courts around the world including those in Australia, Greece, and Norway have ordered the platform to be blocked by ISPs.
Further information on the breach and actions to be taken can be found here