ShinyHunters hacks Pluto TV users’ data and shares on a forum

Wednesday, last week, a threat actor shared a database that contains 3.2 million user records that were stolen during a data breach.

 Puto is an Internet TV service that streamlines free TV shows with advertisements. It has over 28 million members. Over 10 million users have downloaded its mobile apps.

Over a past week, threat actors have been releasing user databases stolen in data breaches. All these breaches are said to have been done by a threat actor ShinyHunters.

ShinyHunters is behind many other security breaches, including of Microsoft’s Private GitHub repository, the popular digital banking app Dave.com and Animal Jam.

This data breach is once again attributed to ShynyHunters. The sample of their database contains a member’s:

  • Display name,
  • Email address,
  • Bcrypt hashed password,
  • Birthday,
  • Device platform and
  • IP address

 The shared email addresses in the sample are actual Pluto TV members. Thus, the data breach is valid. However, the Pluto TV official has yet to confirm on it. What we get as reply from official:

“While at this time, we cannot verify the veracity of this claim, any attempt to compromise the security of our users, platform, or details are treated with the utmost priority. We are investigating the matter,”

 It is suggested for all the Pluto users to immediately change their passwords. Also, it is strongly recommended to change the passwords of all other sites that have the same passwords as used in for Pluto TV.