Plex confirms database breach and data theft
Popular streaming media platform Plex is struggling to reset users’ passwords after a database hack that included the theft of encrypted emails, usernames and passwords.
Plex, a California-based company that operates a media streaming service and client-server media player platform, confirmed that a third party “was able to access a limited subset of data” from a database. compromised data.
The company is urging all Plex users to immediately reset account passwords and log out of all devices connected to its service.
From the Plex notification:
Yesterday we discovered suspicious activity on one of our databases. We immediately launched an investigation and it appears that a third party was able to access a limited subset of data including encrypted emails, usernames and passwords. While all account passwords that could have been accessed have been hashed and secured in accordance with best practices, as a precaution, we require all Plex accounts to have their passwords reset.
The company said credit card and other payment data is not stored on its servers and was not vulnerable or compromised in this incident.
[ READ: Apple Patches New macOS, iOS Zero-Days ]
Plex did not provide details about the database hack or whether any software vulnerabilities were exploited.
“We have already addressed the method used by this third party to gain access to the system, and we are conducting additional reviews to ensure that the security of all of our systems is further tightened to prevent future incursions,” the company said. .
“While account passwords have been secured using best practices, we require all Plex users to reset their passwords.”
In addition to immediate password resets, Plex recommends users check the “Disconnect connected devices after password change” box.
“This will additionally disconnect all of your devices (including any Plex Media Servers you own) and force you to reconnect with your new password. It’s a hassle, but we recommend doing this for security increased,” the company said.
Related: Twilio Hacked After Employees Tricked Into Giving Up Login Credentials
Related: Media Streaming Company Plex Hacked, Blackmailed
Related: Plex Media Server Abused For DDoS Attacks