Plex warns users to change their passwords after a data breach
The streaming media platform, Plex, has revealed that it has been impacted by a data breach. The company has advised users to reset their passwords to protect their accounts.
Plex data breach - What happened
Plex has revealed that it had discovered some suspicious activity on one of its databases on Monday. After conducting an investigation, it confirmed that an attacker had gained access to some user data including emails, usernames, and passwords.
The streaming service has already patched the security vulnerability that was exploited by the hacker, and is reviewing the security of its systems as a precaution. The company has sent out emails on Wednesday to alert users about the data breach. For what it's worth, I didn't receive this email even though I have an account with Plex, I came across this news via social media.
Impact on users
Plex has stated that the credit card and other payment related data of users were not stolen during the breach, since this data is not stored on its servers, and are hence not affected by this attack. If you use a single sign-on (SSO) such as Google, Facebook, or Apple as your sign in option on Plex, your account is not affected by this breach. However, your email address associated with the service may have been exposed to the attacker.
The statement from Plex also confirms that the service was not storing passwords in plain text, so a bigger disaster has been averted. The passwords were hashed with salt and pepper, i.e. random strings are added to the passwords to make them. He also confirmed that the credentials were not hashed with MD5, the service uses the Bcrypt algorithm, which is more secure.
What should you do?
Plex has warned users to change their account's password. It is also advising users to sign out of connected devices after changing the password. You will have to authenticate your devices again, which might seem like a chore, but when it comes to security, there is no room for convenience. If you have not done this already, you should also enable 2FA (two-factor authentication) to protect your account from unauthorized logins. You can find instructions for resetting the password on a support page on Plex's website.
I had no trouble resetting my password, but many users have complained that they were unable to change theirs because of an internal server error. This may have been due to heavy load on the company's server because several users were trying to reset their password.
Personally, I prefer Jellyfin, but Plex's effort to alert users a day after the attack happened is commendable. Most companies wait a month or even a few months before notifying users about a data breach.
Do you use Plex?
We use Plex but DO NOT have an account and never will.
@Aswhin or/and @Martin, do you know how to solve the next issue of Libreoffice? I meant to even write an article please if possible, thank you both in advance! Thank you for the article by the way! :]
Thanks, John. I’ll check it and let you know if I can find a fix.
Thank you @Ashwin very much! :]
I tested LibreOffice on two laptops and my MacBook. The issue definitely exists in Windows 11, it is fine on my Windows 10 machine. I wasn’t able to find a solution for it even after tinkering with the Application colors, and digging through the Options > Advanced Configuration settings.
Then I tried the portable version, it had the same issue on my host system. But, when I ran it in my Windows 11 Dev VM, it seems to be fine. Here’s a screenshot comparing the two.
So the issue must have been fixed in an OS update. The only thing we can do is to wait for the fix.
First, the issue you refer to appears to be limited to Windows 11. (That’s not terribly surprising to me, given Windows 11’s current “half-baked” status, but while searching LibreOffice’s Bug Report database, I *did* come across a bug report for a ~somewhat~ related issue affecting MacOS.)
Second, in response to your initial complaint about this on gHacks, I explained how you could fix it:
LibreOffice security update fixes macro execution bypass and potential password leaking – gHacks Tech News
[Peterc’s first reply]
*** I suggest you go to Tools > Options > LibreOffice [from *within* LibreOffice, if that wasn’t clear] and have a look at the Personalization, Application Colors, and Accessibility submenus (and the View submenu, too, if you want to try a different Icon Style). I have a very strong hunch I made no changes at all in the Application Colors submenu, since I’m generally allergic to that kind of item-by-item tweaking, and that I was able to get a highly legible interface with very little effort, so I’m guessing you should be able to as well. ****
[Peterc’s second reply]
*** You didn’t say what OS you were running LO on, but my *guess* is that the default LO install picked up some color elements from your particular “OS theme” in an unhappy/unlucky way. The problem is almost certainly fixable by going through the LibreOffice Options submenus I mentioned earlier. ****
Of course, LibreOffice should *never* “automatically” use color combinations that result in poor legibility, and filing a bug report is the way to get the issue fixed. For future reference, see here:
How to Report Bugs in LibreOffice – The Document Foundation Wiki
But someone has already filed a report for this bug:
148711 – Selected options in context menu show in black text on dark blue background in Windows 11
The bug’s current status is “UNCONFIRMED,” so YOU should create a Bugzilla account and confirm the bug. [Tip: The more pertinent information you include — e.g., what Windows 11 build, theme, and color customizations you are using — and the more organized, clearly written, and concise your post is, the greater chance you’ll have of getting it acted on.
As an interim workaround, I’m pretty confident you can fix the problem by going through LibreOffice’s various display options, as outlined in my first reply, excerpted above. You *might* also be able to fix it by switching to a different Windows 11 desktop theme or by customizing your Windows 11 colors differently. (I’ve never used Windows 11, so I’m just making an educated guess for the latter suggestion.)
At any rate, you really *should* confirm the existing bug report.
Thank you both @Ashwin and @Peterc for your answers. :]
“You will have to authenticate your devices again, which might seem like a chore, but when it comes to security, there is no room for convenience.”
Great sentence; it applies to any and all accounts when a breach occurs. It’s also a routine duty for many online accounts.
I haven’t used Plex since I got a mini computer to hook up to my TV. I haven’t logged into my account since 2012, so. I’ll wait until the account has cleaned up on its own.
@Anonymous: If Plex hasn’t closed your account for non-use, you should probably change your password even if you’re not currently using it.