[BreachExchange] Data of 7 Million OpenSubtitles Users Leaked After Hack Despite Site Paying Ransom

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Jan 20 10:56:58 EST 2022


https://www.securityweek.com/data-7-million-opensubtitles-users-leaked-after-hack-despite-site-paying-ransom

OpenSubtitles Hack Shows Why Paying Ransom Offers No Guarantees

Popular subtitles website OpenSubtitles on Tuesday admitted that its
systems had been hacked after the details of nearly seven million user
accounts were leaked, despite the site allegedly paying a ransom to avoid
this situation.

Law enforcement and cybersecurity professionals have often advised against
paying a ransom to cybercriminals as it encourages them to continue their
malicious activities, and there is no guarantee that the attacker will hold
up their end of the bargain. The OpenSubtitles hack is a perfect example of
this.

According to a forum post from OpenSubtitles’ administrator, the
opensubtitles.org website was hacked by someone in August 2021. The
attacker had exploited a series of vulnerabilities to obtain user data and
then asked for an undisclosed amount of bitcoin in exchange for not making
the hack public and deleting the data.

“We hardly agreed, because it was not low amount of money,” the
OpenSubtitles admin said. “He explained us how he could gain access, and
helped us fix the error. On the technical side, he was able to hack the low
security password of a SuperAdmin, and gained access to an unsecured
script, which was available only for SuperAdmins. This script allowed him
to perform SQL injections and extract the data.”

The admin added, “He gained access to all users data - email, username,
password... He promised the data would be erased and he would help us secure
the site after the payment.”

While the ransom was allegedly paid, the data obtained as a result of the
hack has recently surfaced online.

The Have I Been Pwned breach notification service has identified more than
6.7 million user records, including username, email, IP address, country,
and unsalted MD5 password hash.

OpenSubtitles users have been advised to change their password. The site
claims to have implemented various security improvements on
opensubtitles.org in response to the incident, and noted that its new site,
opensubtitles.com, was built with better security from the start.

Nevertheless, users have been advised to change their password on both the
new and old websites, as well as on the OpenSubtitles forum.