Skip to main content

Pluto TV suffered a massive breach in 2018 — and didn't tell anyone about it

Pluto TV on Apple TV
(Image credit: WhatToWatch.com)

Ask folks about the best streaming services, and undoubtedly Pluto TV will come up in the conversation. Not necessarily because it's great — it's got some stuff you'll want, and a lot that's more of a novelty — but mostly because it's free. The ViacomCBS-owned service is supported by advertising and has a ton of B- and C-level content, along with streaming news and sports and all kinds of things usually confined to the traditional internet.

And way back in October 2018, it apparently suffered a pretty major security breach. I didn't learn about it until Dec. 5, 2020, when I got an email from the "Have I Been Pwned" service, which keeps an ear to the ground for hacking incidents, verifies them, and allows you to receive alerts that some of your information was caught up in the dump. (I highly recommend using the service, by the way.)

The alert let me know that some 3,225,080 accounts were included in the 2018 data dump, and the records included dates of birth, device information, emails, genders, IP addresses, names, hashed passwords, social media profiles, and usernames. Pluto TV currently has more than 26.5 million monthly active users, though you don't have to have an account to use the service and watch free content.

(This, by the way, is the part where I'll remind folks that reusing passwords across the internet is one of the worst things you can do. Because if you used the same email and password combination for your bank as you do for Pluto, well, bad things can happen. This also is what happened to a lot of Disney+ subscribers a year ago.)

The HIBP alert pointed to a Vice article that goes into more detail. And that article points to a Bleeping Computer article from November. I'd recommend reading them both.

So what should you do now? If you have a Pluto TV account, change the password to something new, strong and unique. (I also highly recommend using a password manager.)

Me? I'm also going to think twice about ever using Pluto TV.