OpenSubtitles users need to change their password right now

Today we bring you news of an alarming breach that affects nearly seven million users.

The affected service is OpenSubtitles, and the breach is alarming because it shows just how badly things can go when security isn’t taken seriously.

An administrator for OpenSubtitles reports that the site received a Telegram message from an individual claiming to have accessed the user table of the website in August 2021. The hacker provided proof of their intrusion and demanded a ransom in Bitcoin. Should the ransom not be paid, the data that was gleaned from the hack would be released.

“We hardly agreed, because it was not low amount of money,” OpenSubtitles said of the ransom that was demanded.

“He [the hacker] explained us how he could gain access, and helped us fix the error. On the technical side, he was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. This script allowed him to perform SQL injections and extract the data,” the website said.

While the website says that the hacker promised to help secure the website after payment, it doesn’t appear as if that payment was made because users are now being advised to update their passwords. This includes passwords for opensubtitles.org, opensubtitles.com and the forum.opensubtitles.org websites.

This is vital, as passwords were stored as unsalted MD5 hashes, meaning that recovering the original passwords from them would be trivial. The data taken also included IP addresses, usernames and the country the user accesses the website from.

We highly recommend heading to Have I Been Pwned to check whether details associated with your email address have been compromised as a part of this breach.

While OpenSubtitles says that its website was created in 2006 “with little knowledge of security”, that’s not a great excuse especially in an age where cybersecurity is such a massive talking point.

The website says it will be retiring MD5 and thankfully no credit card or other financial details were taken.
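To make the unsalted MD5 problem and its retirement concrete, here is an added example (not OpenSubtitles' code) that contrasts the legacy scheme with a salted, slow hash and upgrades a legacy record on the next successful login. The record format, function names, iteration count and sample password are assumptions made for this sketch.

```python
from __future__ import annotations
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumption: work factor picked for this example
PREFIX = "pbkdf2-sha256"     # assumption: record format invented for this example


def legacy_md5(password: str) -> str:
    """Unsalted MD5 as described in the article: same password, same hash."""
    return hashlib.md5(password.encode()).hexdigest()


def strong_hash(password: str) -> str:
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PREFIX}${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_and_upgrade(password: str, stored: str) -> tuple[bool, str]:
    """Check a login; return (ok, record to keep in the user table)."""
    if stored.startswith(PREFIX + "$"):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex), stored
    # Legacy record: verify once against MD5, then replace it immediately.
    if hmac.compare_digest(legacy_md5(password), stored):
        return True, strong_hash(password)
    return False, stored


if __name__ == "__main__":
    pw = "Subtitles2006!"  # constructed sample password
    alice, bob = legacy_md5(pw), legacy_md5(pw)
    print("unsalted MD5 records identical:", alice == bob)
    _, alice_new = verify_and_upgrade(pw, alice)
    _, bob_new = verify_and_upgrade(pw, bob)
    print("upgraded records identical:", alice_new == bob_new)
```

Upgrade-on-login only covers accounts that sign in again; records that stay in MD5 form should be expired and forced through a password reset.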

We hope this serves as a lesson to website owners to take security seriously, no matter how small you think your reach is.

“Note that our new site, opensubtitles.com was built with stronger security concerns,” said OpenSubtitles.
