A threat actor has allegedly leaked the database of Cineverse[.]id, an Indonesian online platform focused on film and entertainment media. The data was posted on a dark web forum and is claimed to contain the records of approximately 10,000 users. Cineverse.id serves as a community and information hub for movie enthusiasts in the region, making the exposure of its user data a significant concern for its member base.
The compromised information appears to originate from the website’s user database, exposing a wide range of sensitive personal and technical data. The threat actor shared a list of database columns and a sample of the data, which includes user credentials and personally identifiable information (PII). This incident could expose affected users to various risks, including phishing campaigns, identity theft, and credential stuffing attacks on other platforms where they might have reused passwords.
The allegedly leaked data includes the following:
- User logins and nicknames
- User email addresses
- Hashed passwords
- First and last names
- User registration dates
- Social media profile links (Facebook, Twitter, Instagram, etc.)
- IP addresses
- Session tokens and other site activity metrics
