All Plex users should reset passwords in wake of data breach

News
By published

Media streaming giant warns of a cyberattack

Plex on mobile
(Image credit: Shutterstock)
  • Plex suffered a data breach exposing emails, usernames, and hashed passwords
  • Users are urged to change passwords and enable two-factor authentication
  • A separate vulnerability in Plex Media Server was patched in August

Popular media server and streaming platform, Plex, warned its users about losing their sensitive data in a cyberattack, and urged them to update their passwords as a result.

In a forum post published on September 8, Plex said it recently experienced a security incident with “limited impact”, when an unauthorized third party accessed a subset of customer data.

“While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords and authentication data,” the post reads. Credit card or other payment data was not accessed since it wasn’t even stored on company servers.

Hashed passwords are unreadable

The passwords were hashed “in accordance with best practices,” Plex further stated, explaining that the hackers cannot read them. Still, to be on the safe side, the company recommends users log out of all sessions, and change all passwords. It also stresses that it will never reach out via email to ask for a password or credit card number, hinting that the miscreants might start sending phishing attacks to the email accounts they obtained in the attack.

“For further account protection, we also recommend enabling two-factor authentication on your Plex account if you haven’t already done so.”

As a media server and streaming platform, Plex lets users collect, organize, and stream personal media such as movies, TV shows, music, photos, and more on almost any device. It is quite popular, with some sources claiming it has more than 25 million active users.

In mid-August this year, Plex said it patched a mysterious vulnerability affecting its Plex Media Server product, and has told users to not to delay applying the fix. The company received a report via its bounty program about a potential security issue affecting Plex Media Server versions 1.41.7.x to 1.42.0.x and soon after, came forward with a patch.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.