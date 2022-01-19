OpenSubtitles, one of the largest online subtitle download services for movies and series, has seen the data of more than 6.7 million users leaking onto the internet. The exposure is the result of a cyberattack recorded in August 2021 but not revealed to the public until now; the company paid the requested ransom, but the information was published anyway.

The set contains information such as emails, passwords, usernames, IP addresses used to access the website and geolocation collected during use. According to official information, the credentials were stored in MD5 format, considered insecure, especially for those registered who used simple keywords, with few characters or recognized words.

Now, the request is for all users to change their passwords, something that will be mandatory for everyone who accesses the platform with their accounts logged in from now on. In the official statement, the service apologized for the lack of security and explained that the service was created in 2006 with little knowledge of this type of aspect, which makes the idea that it was achieved just so many years later “kind of impressive”.

15 years later, the platform appears on the list of the 5,000 most accessed sites on the internet, receiving access from all over the world for download and subtitles available in all languages. Registration is not required to download translations, but anyone who wants to host their work, access forums or have access to specific resources has to do so.

According to the official statement, contact with those responsible for the coup took place in August 2021, through a message on Telegram. There was no ransomware attack, but rather an intrusion into the OpenSubtitles administration systems from insecure scripts used by the service, in an SQL injection scam; samples of the volume were presented as evidence, while a high amount of Bitcoin was requested.

The platform’s administrators accepted, under the promise that the information would not be exposed, but deleted by the criminals. In addition, those responsible helped to resolve the issue, which meant that the entire case was kept confidential until now, when the database was made publicly available and exposed the credentials of all users of the service.

What to do in case of leaks

In response to the incident, which he called a “hard lesson”, OpenSubtitles received a series of security updates, such as controls for unsuccessful logins, improved encryption in password storage, and new policies related to credentials, as well as captchas and other protocols. Administrators also apologized to users.

The main recommendation, even given by those responsible, is regarding the use of unique and exclusive passwords for each service, so that the leak of one does not compromise other accounts. The ideal is to opt for random keywords and bet on a manager, this one with an intelligible password, but equally secure, with letters, symbols and numbers, which gives access to all the others.

In addition, for affected users, it is important to check that other services do not share the same password — these must also be changed. It is also worth using services such as Have I Been Pwned, which alerts you by e-mail whenever personal credentials appear in any volume leaked on the internet.