The hackers from a group called "TEAM M3DU5A" have hacked into the official website of Constantin Film AG (www.constantin-film.de)- a German film production and film distribution company.
The hackers managed to compromise the database and leaked in the pastebin(pastebin.com/vW40pRFL).
The dump contains the username and MD5 hashed passwords belong to Backend page . It also contains the username & plain-text passwords for the Movie and Budget Database .
In addition to the login credentials , the team leaked the a number of email addresses compromised from the server and links to login pages.
The group also provided two screenshots which shows that they have successfully logged in with the stolen credentails , allows them to create new movie project post.
Report says the hacker attack was retaliation for the shut down of an illegal file sharing website drei.bz by German copyright protection group GVU
"F*** the Copyright Lobby and Contentmafia | F*** the GVU | F*** the GEMA | RIP drei.bz" Hacker said in their leak.
The Constantin Film website uses the open source CMS TYPO3 . Recently, Typo3 updated their version to patch a critical SQL injection vulnerability which is found to be exploited in the wild. It seems like Constantin Film fails to update to the latest version.