OpenSubtitles, one of the world’s largest online repositories of subtitle files, has confirmed a cyberattack leading to the exposure of personal data of nearly 7 million subscribers.

    According to a notification posted by ‘OSS’, one of the site admins, a malicious actor notified them of the breach via Telegram in August 2021. The hacker provided proof of how he gained access to user tables and demanded a large payment in Bitcoin to refrain from disclosing the attack and leaking user data online.

    “In August 2021 we received a message on Telegram from a hacker, who showed us proof that he could gain access to the user table of, and downloaded a SQL dump from it,” the post reads. “He explained us how he could gain access, and helped us fix the error. On the technical side, he was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. This script allowed him to perform SQL injections and extract the data.”


    False promises


    OpenSubtitles agreed to the attacker’s demands and made an undisclosed BTC payment to his cryptocurrency wallet. Unfortunately, the website operators also learned a hard lesson – paying ransom does not guarantee the safety of their users’ data. Despite paying the initial ransom, one of the hacker’s associates made similar demands this month. When the site admins refused the second payment, the threat actor published the data online.


    Data breach impact


    The breach exposed the data of 6.7 million subscribers, including email addresses, IP addresses, country of residence, usernames, and passwords stored as unsalted MD5 hashes. Luckily, no credit card details were compromised, as they are “stored outside of our platform,” the site admin said.

    The leaked unsalted password hashes and email addresses leave subscribers open to account takeover attacks on other platforms where they use the same login credentials. Users must reset the password on any account set up with the same email and password combination.

    The website owner has also taken security measures in response to the incidents, including new password policies, IP address spoofing, the deletion of all MD5 passwords, and a mandatory password reset for all users.
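The storage weakness and the remediation described above (retiring MD5 records and forcing a reset) can be sketched as follows. This is an added example, not OpenSubtitles' code: the `scrypt$salt$key` record format, the function names, the cost parameters and the sample users are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Assumed scrypt cost parameters for illustration; tune them for real hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
LEGACY_MD5 = re.compile(r"^[0-9a-f]{32}$")  # a bare 32-hex-digit MD5 digest


def legacy_md5(password: str) -> str:
    """The weak scheme: no salt, one fast hash, same output for every user."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Store as scrypt$<salt hex>$<key hex> with a fresh random salt per user."""
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return f"scrypt${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> str:
    """Return 'ok', 'bad', or 'reset_required' for a legacy MD5 record."""
    if LEGACY_MD5.match(stored):
        return "reset_required"  # never accept a login against unsalted MD5
    try:
        scheme, salt_hex, key_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
    except ValueError:
        return "bad"  # malformed record
    if scheme != "scrypt":
        return "bad"
    key = hashlib.scrypt(password.encode(), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return "ok" if hmac.compare_digest(key, expected) else "bad"


def audit(users: dict) -> list:
    """List accounts that still hold a legacy MD5 record."""
    return sorted(name for name, rec in users.items() if LEGACY_MD5.match(rec))


# Constructed sample user table: two legacy records and one migrated record.
SAMPLE_USERS = {
    "alice": legacy_md5("Summer2021"),
    "bob": legacy_md5("Summer2021"),   # same password, identical digest
    "carol": hash_password("Summer2021"),
}
```

In the sample table, `alice` and `bob` share one digest because nothing in the MD5 record is unique to the user, while `carol`'s salted record differs on every call to `hash_password`.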



    Content curated by the team of COMPUTER 2000 on the basis of marketing materials provided by our partners/vendors.
