OpenSubtitles, one of the largest repositories of subtitle files on the internet, has been hacked. Founded in 2006, the site was reportedly hacked in August 2021 with the attacker obtaining the personal data of nearly seven million subscribers including email and IP addresses, usernames and passwords. The site alerted users yesterday after the hacker leaked the database online. OpenSubtitles is one of the largest and most popular subtitle repositories on the Internet. Millions of subtitle files are downloaded every week in many languages, often to be paired with downloaded movies and TV shows. The site was founded in 2006 by a Slovakian programmer who came up with the idea while drinking a few beers at a local pub. Following an announcement late yesterday, more beers might be needed to cope with an emerging crisis. OpenSubtitles Hacked, Millions of Subscribers’ Details Exposed In a post to the OpenSubtitles forum, site administrator ‘oss’ reveals that the site – which has millions of members – has been hacked. Apparently the development isn’t new either. “In August 2021 we received message on Telegram from a hacker, who showed us proof that he could gain access to the user table of opensubtitles.org, and downloaded a SQL dump from it. He asked for a BTC ransom to not disclose this to public and promise to delete the data,” the post reads. “We hardly agreed, because it was not low amount of money. He explained us how he could gain access, and helped us fix the error. On the technical side, he was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. This script allowed him to perform SQL injections and extract the data.” Hacker Gained Access to All User Data According to ‘oss’, the hacker gained access to email addresses, usernames and passwords, but promised that the data would be erased after the payment was made. That promise was not kept. While no member data was leaked last August, on January 11, 2022, OpenSubtitles received new correspondence from a “collaborator of the original hacker” who made similar demands. Contacting the original hacker for help bore no fruit and on January 15 the site learned that the data had been leaked online the previous day. Indeed, searches on data breach site Have I Been Pwned reveals that the database is now in the wild, containing all of the data mentioned by OpenSubtitles and more. “In August 2021, the subtitling website Open Subtitles suffered a data breach and subsequent ransom demand. The breach exposed almost 7M subscribers’ personal data including email and IP addresses, usernames, the country of the user and passwords stored as unsalted MD5 hashes,” the site reports. Measures Taken By OpenSubtitles OpenSubtitles describes the hack as a “hard lesson” and admits failings in its security. The platform has spent time and money securing the site and is requiring members to reset their passwords. However, for those who have had their data breached, it may already be too late to prevent damage. The hacker has already had access to data for several months and now the breach is in the wild, problems could certainly escalate. Those with exceptionally strong passwords may be safer than those who chose an easy-to-guess option but according to OpenSubtitles, the former are in the minority. Threats to OpenSubtitles Members Perhaps the most immediate threat concerns users who used the same email address and password combination on other sites. With these in the wild, an attacker could breach third-party accounts so immediately changing these credentials should be a priority for those affected, perhaps with the use of a password manager service such as 1Password. Another concern for OpenSubtitles users is that many are likely to be members of pirate sites. If they used the same credentials on those then that is clearly an issue but if the report from Have I Been Pwned is correct, their email addresses can now be matched with their IP addresses too. Only time will tell if that will prove of interest to third parties but in privacy terms the situation is certainly not optimal. OpenSubtitles has been officially labeled as a pirate service in a number of regions and courts around the world including those in Australia, Greece, and Norway have ordered the platform to be blocked by ISPs.

As scientists and academics of all kinds turn to Sci-Hub to freely access scientific papers, a new browser tool aims to make access even more straightforward. Currently available from the Mozilla addon store but also compatible with Chrome, 'Sci-Hub Injector' embeds Sci-Hub download links into popular publishers' websites. Given its reputation for tearing down paywalls to deliver knowledge and enlightenment to academics, students and researchers, Sci-Hub remains one of the internet’s most valuable data resources. Praised by all who find its services useful or even vital, Sci-Hub also has to deal with attacks from publishing giants who would prefer to see the platform taken offline, or blocked by ISPs wherever that is a viable option. Unfortunately for the publishers, however, those utilizing Sci-Hub tend to be tech-savvy individuals who are not only undeterred by blocks but can also have a penchant for making downloading even easier. Sci-Hub Injector Released The latter mission was recently taken on by Rick Wierenga, a student currently doing a double major in bioinformatics & artificial intelligence (Bachelor) at Leiden University in the Netherlands. Over the weekend Wierenga released an interesting new browser tool that turns the finding of Sci-Hub download links into child’s play. Named ‘Sci-Hub Injector’ and released under GNU General Public License v3.0, the browser extension is easy to deploy in Firefox and is installable in Chrome with a simple few steps. Its main feature is to embed Sci-Hub download links into publishers’ own websites meaning that if someone was searching for a paper on SpringerLink, on the topic of aquatic animal nutrition, for example, they will see the enhanced results shown below: As the image above shows, in this instance the extension seamlessly adds a very subtle Sci-Hub logo and link next to the download counter but button placement can vary on other sites. In any event, pressing the button takes the user straight to Sci-hub where the corresponding paper may be downloaded for free (rather than a minimum of £127.50 for the book in the example above). Works on Firefox and Chrome As things currently stand, Sci-Hub injector is available for download from the Mozilla addon store. The software also works with Chrome but is yet to appear on Google’s Play Store. Until that happens, users are required to follow some simple setup instructions listed on the project’s Github page to get the tool up and running. At the time of writing, Sci-Hub Injector appears to be a project still under development. It currently supports several publishing platforms including PubMed, Nature, Taylor and Francis, Elsevier / ScienceDirect, Eureka Select, Science and SpringerLink but the developer says that he’s open to adding new platforms, if users submit them. “Inject freedom into science publisher websites, with style. Please contribute new websites!” Wierenga says. Is it Legal? While offering a direct link to an infringing copy of a scientific paper can be considered infringement in many regions of the world, Sci-Hub injector merely links to a Sci-Hub page, not the infringing content itself. Furthermore, the link is embedded in the publishers’ websites only in the user’s local browser, so at least on the part of the user, no distribution takes place. Only when the user visits Sci-Hub and actually downloads a paper does a potentially infringing copy get made but that’s the case no matter what mechanism is used to find and visit the site. In any event, Wierenga advises users to be cautious, depending on the law in their region. “I don’t recommend doing things that go against whatever laws that apply where you are. This is the user’s responsibility,” he adds. TorrentFreak reached out to Wierenga for additional information but he declined to comment at this time. The idea of ‘pimping’ official websites with new data isn’t new. Way back in 2008, a team created ‘Pirates of the Amazon’, a Firefox addon that embedded Pirate Bay links to movies into the Amazon website. A few years later, a similar tool appeared that did the same for eBooks, this time pulling content from Libgen.

Biggest mistake new users often make? Not understanding how your ratio works. It's easy though, your ratio is your uploaded amount, divided by your downloaded amount. Your required ratio represents the minimum your ratio can be (increases slowly with how much you've downloaded to a required ratio of about 0.10) before you're put onto a two week ratio watch, represented by a noticable warning. Your ratio stat is located right under the logo. A ratio of 1.00 is considered ideal as it means you uploaded the same amount you've downloaded, but the higher the better.

Lee Min Ho

@jangofettbr i apply

Jackie Chan

I apply for this awesome giveaway.

Offerings

@Eren i apply

Jason Roy

Ostrich

Will Smith

Hashim Amla

Constantine

xenogeneic