OpenSubtitles

OpenSubtitles operates as an online platform facilitating access to subtitles for films and television programs. While specific details regarding its core operational scope, market reach, and ownership structure are not explicitly detailed in the provided source material, the platform maintains a significant user base. The incident involving the compromise of 6.7 million user records underscores the scale of its user engagement and the sensitivity of the personal information it manages, including email addresses, usernames, and password credentials.

The organisation experienced a significant cybersecurity incident on January 1, 2021, stemming from compromised security controls. An attacker successfully breached a superadmin account protected by a weak password and exploited an unsecured script to perform SQL injection. This attack resulted in the extraction of user data stored within the platform's systems. The compromised data consisted of email addresses, usernames, and unsalted MD5-hashed passwords, a legacy storage method known for its vulnerability to cracking techniques. Following the breach, the attacker engaged in extortion, leading the company to pay a ransom; however, the stolen data was subsequently leaked publicly. Payment card information remained unaffected as it was stored externally. This event highlighted critical security shortcomings, particularly within legacy system components, prompting the organisation to undertake subsequent code updates to address these vulnerabilities.