On January 18, opensubtitles.org, one of many largest subtitles web sites, confronted an information breach. OpenSubtitles posted on their discussion board that they have been contacted by a hacker on telegram in August 2021.
It looks like the hacker was capable of breach their server and get delicate data. As each cybercriminal does, the hacker additionally requested for a ransom in order to not disclose the info.
The information consisted of usernames, emails, passwords and way more. The hacker additionally promised that he would delete the info after he acquired the ransom. With not many choices, Opensubtitles agreed to it. The hacker defined how he hacked.
The attacker was capable of crack the weak password of a SuperAdmin which allowed him to entry an unsecured script.
The script which was used solely by SuperAdmins, created the best way for SQL injections and knowledge extraction. After offering the knowledge, he additionally helped them to unravel the error. The worst half is the hacker uncovered their knowledge.
As posted within the forum,
“The positioning was created in 2006 with little information of safety, so passwords have been saved in md5() hashes with out salt. It means for those who used a powerful password (let’s say at the least 10 characters with the lowercase, uppercase, quantity and particular characters) you have to be protected, however quick simple passwords, particularly if they’re within the English dictionary can somewhat simply be extracted from these knowledge.”
The put up additionally mentioned that they felt wonderful, because it had been 15 years because the web site was created and the hacker should’ve had a tough time cracking it. OpenSubtitles turned a sufferer of cyber fraud which made them study a lesson that, if they’re contacted by a hacker, there needs to be minimal discuss and mustn’t consider in false guarantees.
They’ve realized the error of ignoring the necessity for safety on their web site. In addition they apologized for his or her mistake and suggested their customers to make use of a powerful password. They explained further about their updates and points to be mounted.
You’ll be able to observe us on Linkedin, Twitter, Facebook for every day Cybersecurity updates