Downloading movies, series and documentaries from the internet is a common practice that often comes without subtitles and one of the fastest solutions is to go to a website that allows you to download these text files; but nevertheless, such a practice could have exposed your data.

Opensubtitles.org is one of the most popular subtitle download sites in the world, this site suffered a cyber attack that exposed the usernames, passwords, IP addresses and geographic locations of 6,783,158 people. According to a message published by the page itself, a hacker managed to gain access to all user data in August 2021, who asked for a sum that “was not small” to recover said information.

The criminal took the time to explain to the website administrators how he achieved his goal: first, he gained ‘SuperAdmin’ access thanks to a low-security password, with such privileges acquired, he accessed a vulnerable script that allowed to perform ‘SQL Injections’ and extract all the data.

The page was created in 2006 with very low security measures, so passwords of less than 10 characters without numbers or symbols are decipherable thanks to algorithms. Fortunately, as it was a free service, there were no stored credit card numbers because the affectation would be greater.

The site’s administrators acknowledged their mistake and argued that they should have improved the security of their “long ago” platform, and ask their users to change their passwords.

Why the data breach is more serious than it seems

The leaking of passwords by the page, although it may seem harmless, represents a danger not only within the application but also outside it, since Many of the users use the same password for other services or sites with even more sensitive information.

You may not remember creating an account on the website, but it’s best to make sure. To check if you are one of the almost 7 million people affected by the hack, you must enter the site haveibeenpwned.com and enter your email in the search engine, since this website has obtained the filtered emails from Opensubtitles.

‘Have i been pwned’ will not only let you know if you have been hacked by the subtitle page, but this tool keeps a database with the most famous sites that have suffered serious cybersecurity breaches such as Taringa, Tumblr, Canva, Wattpad, among others. It is recommended that all users who have accounts on these pages do the search to find out if they have been infiltrated or hacked in some way, and, if positive, the website provides tips for you to switch to a strong password immediately.

Apple already has a solution for the Safari bug that steals personal data

Recently in infobae, we warned Apple users about an important flaw that directly affects data privacy, it is an error in the Safari browser that was discovered by the FingerprintJS company, which is responsible for identifying fraud or spam with the fingerprint.

Google usernames and browsing history would be exposed if the person is using Safari 15 on all devices, and other browsers running on iOS 15 and iPadOS 15.

Apple engineers are currently working on fixing the Safari bug that leaks user data.

The Apple News portal ensures that the company already has a patch to address this vulnerability and could solve the Safari problems, when the next update is available on all the devices of the bitten apple. However, it is still unknown when it will arrive.

In this case, Apple is likely to release security updates for iOS 15, iPadOS 15, and macOS Monterey. This does not include new software features, only Safari fix patches.

Users can install the latest version via: Settings > General > Software Update.

