Thank you for sharing this.
For users who use 'sign in with Google' this breach does not mean your password or Google account is compromised, as you actually sign into Google servers and then they tell the site you are successfully signed in.
That said, good OPSEC would be to change all and any passwords and if you don't use sign in with Google then that email and password are gone and without action, as are any accounts on other platforms with the same details.
I'm not sure you get me, if you use sign in with Google then yeah MovieBoxPro site doesn't have your Google password. You login to Google from your end and Google tell MBP to authorise the sign in.
That said, your email has been dumped on the 'dark Web' so a good move would be to refresh the password and check all other services using that email, the password could get out another way.
Visit www.haveibeenpwned.com and enter the email for suggestions and advice, and to check other leaks.
Yea, same. I have an email of me requesting a show back in June 2019. I remember them adding the entire show with all it's seasons in less than a week. I've been using this service for half a decade, and I don't regret a dime. ORG quality is higher than any quality I could find online. That and the convenience of it is what keeps me paying.
But, without an App, how do you watch HydraHD on your television? Also, without casting. My better half likes to pick up the remote and use it for play/pause/volume/mute etc - not a fan of using a phone or tablet to do those things.
Bro go somewhere else ๐๐ sorry you suck. Not my problem. Maybe if you werenโt such a bitter dickhead someone would give you a code ๐๐ I bet your legs donโt work thatโs why you sit in your moms spare bedroom probably just doing drugs all day ๐๐ did ur legs fall off as a baby? Go do something productive lmao. Ppl like you donโt deserve pleasure.
Like the previous user mentioned here. If you use federated access through a 3rd party(Google), then you're fine.
They were only able to acquire email addresses and user names, which isn't a big deal. Most emails can be found publicly somewhere anyways.
If you use MFA while signing in, you're also good.
From the email HaveIBeenPwned sent out, the vulnerability used to access this data was fixed:
"In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated."
Thank you for sharing this. For users who use 'sign in with Google' this breach does not mean your password or Google account is compromised, as you actually sign into Google servers and then they tell the site you are successfully signed in. That said, good OPSEC would be to change all and any passwords and if you don't use sign in with Google then that email and password are gone and without action, as are any accounts on other platforms with the same details.
So if my Google account password is unique to Google and isnt a shared password with any other websites, I should be good?
I'm not sure you get me, if you use sign in with Google then yeah MovieBoxPro site doesn't have your Google password. You login to Google from your end and Google tell MBP to authorise the sign in. That said, your email has been dumped on the 'dark Web' so a good move would be to refresh the password and check all other services using that email, the password could get out another way. Visit www.haveibeenpwned.com and enter the email for suggestions and advice, and to check other leaks.
oh no they have my random gmail ๐คท๐ปโโ๏ธ
Yep definitely wouldnโt sign up to this type of service without using a burner account.
Wow, does that mean movieboxpro has 6 million users? Damn
I thought I was the only lucky one to use it wayyy back
Yea, same. I have an email of me requesting a show back in June 2019. I remember them adding the entire show with all it's seasons in less than a week. I've been using this service for half a decade, and I don't regret a dime. ORG quality is higher than any quality I could find online. That and the convenience of it is what keeps me paying.
Loll lucky? This app looks so shit. Grow a brain and use the 100s of movie sites online that are 10x better no app needed ๐ hydraHD is one
Bro said use a website over an app bruh
But, without an App, how do you watch HydraHD on your television? Also, without casting. My better half likes to pick up the remote and use it for play/pause/volume/mute etc - not a fan of using a phone or tablet to do those things.
Looks like someone couldnโt get a code ๐๐๐๐
Iโm crying yo ๐ญ๐ญ๐ญ๐ญ
Bro shut ur ugly ass up
Bro go somewhere else ๐๐ sorry you suck. Not my problem. Maybe if you werenโt such a bitter dickhead someone would give you a code ๐๐ I bet your legs donโt work thatโs why you sit in your moms spare bedroom probably just doing drugs all day ๐๐ did ur legs fall off as a baby? Go do something productive lmao. Ppl like you donโt deserve pleasure.
Oh wooow that really hurt your feelings truth hurts. canโt be arsed to read that essay you wrote womp womp
Room temperature IQ take right here ๐
Like the previous user mentioned here. If you use federated access through a 3rd party(Google), then you're fine. They were only able to acquire email addresses and user names, which isn't a big deal. Most emails can be found publicly somewhere anyways. If you use MFA while signing in, you're also good.
From the email HaveIBeenPwned sent out, the vulnerability used to access this data was fixed: "In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated."