Security notices

Security Notice (15 March 2024)

On February 15, 2024, we identified suspicious activity on one of Letterboxd’s staff accounts. We immediately blocked this unauthorized access, however some data associated with a number of members (significantly less than 1% of all accounts) was accessed during this time.

Staff accounts allow access to support tools, including a tool that exports information for an individual member. The information accessed for each of the affected members included their email address, private lists, private watchlist (if enabled), and deleted content. No accounts (other than the staff member’s) were signed into, no data was changed, and no passwords or financial information was accessed. Unfortunately, we’re not able to determine which accounts had their data accessed.

We would like to apologize to our community. At Letterboxd, the privacy and security of members is our top priority. As such, we have put several mitigations, improvements and additional security measures in place to prevent such unauthorized access from happening in the future. We recommend that all members use a unique, complex password and enable two-factor authentication for the best account security. If you have any additional questions about this incident please email our security team.