Letterboxd, a beloved platform for film enthusiasts to rate movies, leave reviews, and curate lists of films, has fallen victim to a cyber attack resulting in the compromise of user data. The breach, detected on February 15, 2024, occurred when third parties infiltrated an employee’s account, gaining unauthorized access to user information. While the platform moved swiftly to isolate and secure the compromised account, less than 1% of user data was stolen, encompassing email addresses, private lists, watchlists, and deleted content. Fortunately, sensitive information such as payment details and passwords remained unaffected by the breach.
Despite efforts to contain the breach, Letterboxd warns users of potential phishing attempts leveraging the stolen data. With the possibility of malicious actors posing as the platform, users are advised to exercise caution and remain vigilant against suspicious emails requesting user data updates or other similar requests. While the incident is undoubtedly concerning, Letterboxd reassures users that measures have been implemented to prevent such breaches in the future. Nonetheless, users are encouraged to prioritize security measures such as using complex, unique passwords and enabling two-factor authentication to safeguard their accounts.
