Hacker shares 3.2 million Pluto TV accounts for free on forum

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.

Pluto TV

A hacker is sharing what they state are 3.2 million Pluto TV user records that were stolen during a data breach.

Pluto TV is an Internet television service that lets you stream free TV shows with advertisements. The service has over 28 million members, and its mobile apps have been installed over 10 million times.

Pluto TV database leaked on a hacker forum

Over the past week, threat actors have been releasing user databases for farious commercial websites that were stolen during data breaches on a hacker forum.

All of these breaches are said to be done by a threat actor named ShinyHunters, who has been responsible for numerous data breaches and the hack of Microsoft’s private GitHub repository in the past. For the past few months, though, ShinyHunters has disappearedd, and fewer data breaches have been reported.

Since ShinyHunters reappearance, numerous data breaches have been confirmed, including Animal Jam, 123RF, Geekie, Athletico, Wongnai, RedMart, and many others.

On Wednesday, a threat actor shared what they say is a Pluto TV user database containing 3.2 million user records. This data breach is once again attributed to ShinyHunters.

Pluto TV database is offered for free
Pluto TV database is offered for free

The samples of the database seen by BleepingComputer contains a member’s display name, email address, bcrypt hashed password, birthday, device platform, and IP address.

Sample of Pluto TV records in the database
Sample of Pluto TV records in the database

The data in this breach appears to be two years old, with the latest record created on October 12th, 2018.

BleepingComputer has confirmed that all of the email addresses shared in the sample are actual members of Pluto TV. This leads us to believe that the data breach is valid.

In a statement to BleepingComputer, though, Pluto TV has not confirmed if the data breach occurred, and only that they are investigating.

“While at this time, we cannot verify the veracity of this claim, any attempt to compromise the security of our users, platform, or details are treated with the utmost priority. We are investigating the matter,” Pluto TV told BleepingComputer.

What should Pluto TV users do now?

As some of the exposed data has been confirmed as accurate, it does appear that legitimate info was…