Opensubtitles.org breached – Email addresses, IP addresses, Passwords, Usernames

# · 🔥 278 · 💬 192 · 2 years ago · forum.opensubtitles.org · aero-glide2 · 📷
On the technical side, he was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. Most users didn't use these strong passwords, which means the hacker can get access to user accounts. We should have spent more energy on securing the site and kicked out the old md5() without salt passwords a long time ago.

The site SHOULD be more secure now: we improved the way users are connecting to the site, the accounts will be locked after some successful logins, we introduced a new password policy, we removed session info from the table, IP should not be spoofable anymore, Captchas on login, register, password-reset, CSRF on forms, requests will be cancelled if admins change their IP during a session, user passwords are saved in safe form using hash hmac and sha256 algo with salt and pepper, all md5() passwords are deleted.

If you are not using a password manager, it can be a good time to consider it; they'll help you switch to using long and complex passwords, notify you of security issues, manage 2FA, and access your passwords from all your devices with the only need to remember one master password. List of best password managers.

19th Jan 2022 UPDATE: when updating your password, please wait for the email and don't send another email, otherwise it can create problems. We are using ONE confirmation string per User, so when you create a second request for a password change and you receive the email from the first password change, you will get an error. So request the password just one time, wait, and please also check your email spam.
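The storage change described in the post (unsalted md5() replaced by HMAC-SHA256 with salt and pepper), as an added example that is not Opensubtitles' code. The exact construction is not given on the page, so the layout below is an assumption: the pepper keys an HMAC-SHA256 and the per-user salt feeds PBKDF2-HMAC-SHA256, a stretching step added here; `PEPPER` and `ITERATIONS` are constructed values.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed pepper for the demo. In practice it is kept outside the
# database (environment, KMS, HSM) so a dumped user table is not enough.
PEPPER = b"constructed-demo-pepper-not-a-real-secret"
ITERATIONS = 100_000  # assumption: work factor, not stated on the page


def legacy_md5(password: str) -> str:
    """The 'before' scheme: unsalted md5(). Same password, same hash,
    so one precomputed table covers every account in the dump."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str,
                  salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) using a per-user salt and a server-side pepper."""
    if salt is None:
        salt = os.urandom(16)  # unique per user, stored beside the digest
    # Pepper: keyed HMAC-SHA256 makes the digest depend on a secret that
    # is not stored with the hashes.
    peppered = hmac.new(PEPPER, password.encode(), hashlib.sha256).digest()
    # Salt + stretching: identical passwords get different digests and
    # each offline guess costs ITERATIONS HMAC computations.
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Two constructed users who picked the same password.
    print("md5 alice:", legacy_md5("password"))
    print("md5 bob:  ", legacy_md5("password"))  # identical to alice
    for user in ("alice", "bob"):
        salt, digest = hash_password("password")
        print(user, salt.hex(), digest.hex())    # differs per user
```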