If they're able to change their passwords, they might want to. A bad actor got into the system of the digital media player and streaming service. The company said that it immediately started an investigation after seeing suspicious activity in one of its databases. It appears that a third-party entity got access to a subset of the data, which included people's emails, usernames and passwords.
Have I Been Pwned's Troy Hunt was affected as well. There is nothing anyone can do to be exempt from service hacks, but using a password generator and 2FA makes their impact less severe. Not signing out existing devices made the switch go through when he encountered an error while changing passwords.
The method the bad actor used to get into the system has already been addressed by the company, but it didn't give any further details. The company is going to do more reviews to make sure its systems are impervious to future incursions. All users are required to change their passwords out of an abundance of caution, even if all the passwords were hashed. The bad actor wasn't able to gain access to credit card numbers and other payment data because it doesn't store them in its server.