Are you a Pluto.tv user? If so, you’re not alone. The internet television station boasts an impressive user base of nearly thirty million users who enjoy a wide range of free TV shows, with the caveat that they have to put up with commercials.

Unfortunately, security researchers recently found a vast trove of Pluto.tv login credentials available on the Dark Web, for free.

A group calling themselves ShinyHunters appears to be behind the attack that exposed more than 10 percent of the company’s customer accounts. ShinyHunters was extremely active in late 2019 and early 2020, and then seemed to all but vanish, but apparently, they’ve returned and are attacking a broad range of targets.

Based on an early analysis of the account credentials on the Dark Web, the data appears legitimate, and to this point, a number of attempts have been made to reach out to Pluto.tv for additional information.

To date, the only reply the company has given reads as follows:

“While at this time, we cannot verify the veracity of this claim, any attempt to compromise the security of our users, platform, or details are treated with the utmost priority. We are investigating the matter.”

If you have a Pluto.tv account, the safest course of action is to act now and not wait for the company’s investigation to bear fruit. Assume that your account has been compromised and change your password immediately.

Of course, this once again brings up the point that if you’re using the same password across multiple web properties, you should break that habit right away. In addition, you’ll need to change your password on any other site where you’ve used the same login credentials, lest you run the risk of handing the ShinyHunters the keys to your digital kingdom.