Plex advises users to change passwords following data leak
On Tuesday, Plex announced it had identified evidence of the breach and determined that the attacker had gained access to “a limited subset of data that includes emails, usernames, and encrypted passwords.” Plex vice president of engineering Schuyler Ullman said that the company hashes user account passwords with the more secure bcrypt algorithm, so they are not stored in readable form, and that these hashes are further protected by salting and peppering, two cryptographic techniques that make it much more difficult for attackers to recover stolen passwords.
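How a per-user salt and a server-side pepper protect a stolen password table, shown as an added example that is not Plex's code. It assumes PBKDF2-HMAC-SHA256 from the Python standard library in place of bcrypt, an HMAC-based pepper, and constructed sample passwords and keys; the page does not describe Plex's actual construction.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumption: PBKDF2 stands in for bcrypt so the sketch needs no third-party package.
ITERATIONS = 200_000  # constructed work factor for the demo


def hash_password(password: str, pepper: bytes,
                  salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); only these two values are stored in the user table."""
    salt = salt if salt is not None else os.urandom(16)  # unique per account
    # Pepper: keyed pre-hash with a secret that lives outside the database.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, pepper: bytes, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, pepper, salt)
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    pepper = os.urandom(32)           # constructed; in production, from a secrets store
    password = "correct horse battery"  # constructed sample password
    salt_a, hash_a = hash_password(password, pepper)  # user A
    salt_b, hash_b = hash_password(password, pepper)  # user B, same password
    wrong_pepper = b"\x00" * 32       # what someone holding only the table might try
    return {
        # Salt: identical passwords do not produce identical stored hashes.
        "same_password_different_hashes": hash_a != hash_b,
        "login_ok": verify_password(password, pepper, salt_a, hash_a),
        "wrong_password_rejected": not verify_password("guess", pepper, salt_a, hash_a),
        # Pepper: without the server-side secret, even the right password
        # does not reproduce the stored digest.
        "table_alone_cannot_verify": not verify_password(
            password, wrong_pepper, salt_a, hash_a),
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(check, passed)
```

The salt is stored next to the hash, while the pepper must be kept somewhere a database dump does not reach.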
Plex has stated that it does not keep any information related to credit cards or other forms of payment on its servers.
One of the most popular media streaming programmes, Plex lets you watch movies and live TV, as well as stream your own music, videos, and images stored on your home media server. Plex boasts a user base of over 30 million. A representative for the company stated that both customers who use their own media and those who use streaming services are affected by the incident.
A spokeswoman for Plex did not provide an exact number of people affected by the incident when contacted, but did state that “the majority of accounts” were compromised. Some users complained that they were unable to sign out of other linked devices, or that they received an error message when trying to change their password after receiving an email from Plex about the breach the night before.
In an email to customers, Plex said it had “already addressed the method that this third-party employed to gain access to the system, and we’re doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions.”
Few more details have emerged, and Plex has not yet made any public announcement regarding the breach on its website or social media. The representatives from Plex that we contacted did not answer our questions right away.
In light of the Plex hack, it is important to take precautions against unauthorised access to your online accounts, such as using a password manager and enabling two-factor authentication.