An unauthorized party illegally accessed data from TV and movie “scrobbling” service Trakt more than four years ago, but only now are users learning about it.

The California-based company, which allows viewers to track the programs and films they watch, reportedly sent an email to its subscribers informing them that an unauthorized party used a PHP programming language exploit back in December 2014 to capture user data.

“Although this happened in 2014, we only recently discovered this, and wanted to promptly provide notice as part of our commitment to your privacy,” the email states, according to multiple news outlets. Trakt advises recipients to look out for a second email with a link to reset their passwords.

Affected information included users’ emails, usernames, encrypted passwords, names and locations stored. Payment information was not impacted, however, because it was stored separately. In its email notification, Trakt suggests that information entered after January 2015 is safe because the company moved to a new website platform, which removed the exploit and tightened security.