‘Pluto TV’ User Records Freely Shared on Dark Web Forum

  • About 3.2 million records belong to users of the ‘Pluto TV’ service are now circulating the dark web.
  • Someone is freely sharing the data pack on a dark web forum, claiming that it’s the work of ShinyHunters.
  • The data is two years old, but scammers and phishing actors could still use them.

Approximately 3.2 million user records that apparently belong to the ‘Pluto TV’ platform are being freely distributed on a dark web forum by a hacker. Usually, we see such moves after the stolen data has already been exploited by the hackers who got to steal it or the first “exclusive” buyer.

In this case, too, the name of the notorious data broker “ShinyHunters” is involved, although the user who is distributing the data is using a different nick.

Source: Bleeping Computer

Indeed, those who have seen samples of the data confirm that they appear to be around two years old, with the most recent record dating back to October 12, 2018. This means the actors who performed the security breach on Pluto TV have had ample time thus far to exploit it in every possible way.

As for the validity of the entries, there’s no doubt about it. The data that is included in the packs include the following:

  • Username
  • Email address
  • Passwords (bcrypt hashed)
  • Dates of birth
  • Device platform
  • IP address
Source: Bleeping Computer

Pluto TV is a Los Angeles-based TV service founded in 2013 and bought by ViacomCBS in 2019. The platform is free to use and follows an ad-support business model, allowing users to select programming content and consume it in a “traditional” linear viewing way. The platform has optional registration, which is there to help users retain their settings and content preferences. If you belong in this category of users, you should reset your password on the platform and anywhere else where you may be using the same credentials.

Since email addresses are included in the data, phishing and scamming is also a possibility. IP address gives away someone’s location, and dates of birth allow threat actors to set up trickery like claiming that you have a gift on the post, for example. Scammers will try anything to trick you, so if you are a registered Pluto TV user who joined before October 2018, beware.

The platform had failed to inform the users of this leak when it happened, and since it’s under new ownership now, there can be no attributions pointed to them anymore. Possibly, “ShinyHunters” or the hackers to did this exfiltrated the data without leaving a trace, so Pluto TV never realized the breach.

REVIEW OVERVIEW

Latest

How to Watch Rooms We Love Online From Anywhere

A new lovely series focusing on beautiful houses and great interior designers is set to soon premiere, this time with an emphasis...

How to Watch Elizabeth: A Portrait in Parts Online From Anywhere – Stream the Queen Elizabeth II Documentary

Elizabeth: A Portrait in Part(s) is a documentary on the life of Queen Elizabeth II, the longest-lived, longest-reigning British monarch and longest-serving...

How to Watch Shoresy Online From Anywhere: Stream the Letterkenny Spin-Off Series

Shoresy is the foul-mouthed, chirp-serving, mother-loving, fan-favorite character, and this show sees him join a senior AAA hockey team in Sudbury on...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari