OpenSubtitles Data Breach Affects 6.7 Million Users; Emails, Passwords and Usernames Left in the Wild


January 26, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
OpenSubtitles Data Breach Affects 6.7 Million Users; Emails, Passwords and Usernames Left in the Wild

OpenSubtitles, one of the world’s largest online repositories of subtitle files, has confirmed a cyberattack leading to the exposure of personal data of nearly 7 million subscribers.

According to a notification posted by ‘OSS’, one of the site admins, a malicious actor notified them of the breach via Telegram in August 2021. The hacker provided proof of how he gained access to user tables and demanded a large payment in Bitcoin to refrain from disclosing the attack and leaking user data online.

“In August 2021 we received a message on Telegram from a hacker, who showed us proof that he could gain access to the user table of, and downloaded a SQL dump from it,” the post reads. “He explained us how he could gain access, and helped us fix the error. On the technical side, he was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. This script allowed him to perform SQL injections and extract the data.”

False promises

OpenSubtitles agreed to the attacker’s demands and made an undisclosed BTC payment to his cryptocurrency wallet. Unfortunately, the website operators also learned a hard lesson - paying ransom does not guarantee the safety of their users’ data. Despite paying the initial ransom, one of the hacker’s associates made similar demands this month. When the site admins refused the second payment, the threat actor published the data online.

Data breach impact

The breach exposed the data of 6.7 million subscribers, including email and IP addresses and country of residence, usernames and passwords stored as unsalted MD5 hashes. Luckily, no credit card details were compromised, as they are “stored outside of our plaform,” the site admin said.

The leaked unsalted passwords and email addresses leave subscribers open to account takeover attacks on platforms using the same login credentials. Users must reset passwords for any accounts set up using the email and password combo.

The website owner has also taken security measures in response to the incidents, including new password policies, IP address spoofing, the deletion of all MD5 passwords, and a mandatory password reset for all users.

Is your data exposed in a data breach? Check now if your personal info has been stolen or made public on the internet, with Bitdefender’s Digital Identity Protection tool.




Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.

View all posts

You might also like