Cineplex Asks Users to Update Passwords as Security Precaution


This morning, Cineplex emailed their Connect members asking them to update their passwords, leading users to ponder if there was a hack or breach of customer data.

The email did not state a breach had occurred at the company, only to say “we want to draw your attention to recent news about thefts of user information from a number of popular online services. As a result of these incidents, a large volume of private user information, such as email addresses and passwords, has been exposed.”

Cineplex password reset

Cineplex went on to say “Security experts agree that using the same username and password for multiple services is a risky behaviour.”

Users quickly reached out to Cineplex on Twitter to ask if the email was legitimate or if a had had occurred. The company responded “This is a valid email, we are being pro-active to help our users stay secure.”

Screenshot 2017 02 24 10 02 52

To change your password, you need to login to Cineplex’s website, click on the Security tab and follow password change instructions.

Was Cineplex hacked or breached? Doesn’t sound like it, but they want users to update their passwords anyways.

Earlier, it was reported a bug with Cloudflare had potentially exposed critical user information, but that has since been patched by the company. Also this week, we saw Loblaws reset customer passwords after a breach resulted in PC Plus points stolen from some members.


  • Gary Bowen

    There is no security tab when I click on the link. Tried on computer and phone. Anybody else have success with this?

  • Gary Bowen

    Also, right now, just takes forever to load.

  • Zipline

    You have to click on your name and select Manage Profile before you can see the Security tab (on computer)

  • Gary Bowen

    Cool thanks. It was different earlier. It’s working now.

  • fredf1

    I tried to do it but the navigation is terrible and the speed of their website is painful.
    Nice of them to send out this notice and then be totally unprepared technologically to deal with it.

  • thomaus

    Wow. That is such a bad email from SCENE. They should not only never direct link to pages requesting security details, they should announce they will never do such a thing. Sending something like this only supports the phishers/spammers to mimic the same thing and steal information. Everything on that email can be faked, along with the landing page asking for information to reset the password.

  • o_0

  • Angus

    Same thing just happened to me.

    My “Account Activity” page shows failed logins from Chrome 60.0.3112 – Windows 8.1, location unknown. This happened around 4AM so it definitely wasn’t me.