Plex warns users to change their passwords after a data breach

Ashwin
Aug 25, 2022
Security
|
10

The streaming media platform, Plex, has revealed that it has been impacted by a data breach. The company has advised users to reset their passwords to protect their accounts.

Plex warns users to change their passwords after a data breach

Plex data breach - What happened

Plex has revealed that it had discovered some suspicious activity on one of its databases on Monday. After conducting an investigation, it confirmed that an attacker had gained access to some user data including emails, usernames, and passwords.

The streaming service has already patched the security vulnerability that was exploited by the hacker, and is reviewing the security of its systems as a precaution. The company has sent out emails on Wednesday to alert users about the data breach. For what it's worth, I didn't receive this email even though I have an account with Plex, I came across this news via social media.

ADVERTISEMENT

Impact on users

Plex has stated that the credit card and other payment related data of users were not stolen during the breach, since this data is not stored on its servers, and are hence not affected by this attack. If you use a single sign-on (SSO) such as Google, Facebook, or Apple as your sign in option on Plex, your account is not affected by this breach. However, your email address associated with the service may have been exposed to the attacker.

The statement from Plex also confirms that the service was not storing passwords in plain text, so a bigger disaster has been averted. The passwords were hashed with salt and pepper, i.e. random strings are added to the passwords to make them. He also confirmed that the credentials were not hashed with MD5, the service uses the Bcrypt algorithm, which is more secure.

When users questioned the company about what other data may have been leaked through the Plex data breach, a representative of the company said that Plex does not know what content a user has in his/her library, so your media is safe. You can take a look at the company's privacy policy for more details.

What should you do?

Plex has warned users to change their account's password. It is also advising users to sign out of connected devices after changing the password. You will have to authenticate your devices again, which might seem like a chore, but when it comes to security, there is no room for convenience. If you have not done this already, you should also enable 2FA (two-factor authentication) to protect your account from unauthorized logins. You can find instructions for resetting the password on a support page on Plex's website.

I had no trouble resetting my password, but many users have complained that they were unable to change theirs because of an internal server error. This may have been due to heavy load on the company's server because several users were trying to reset their password.

Personally, I prefer Jellyfin, but Plex's effort to alert users a day after the attack happened is commendable. Most companies wait a month or even a few months before notifying users about a data breach.

Do you use Plex?

Summary
Plex warns users to change their passwords after a data breach
Article Name
Plex warns users to change their passwords after a data breach
Description
Plex has suffered a data breach. The streaming media service has warned users to change their passwords.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Tachy said on August 25, 2022 at 3:00 pm
    Reply

    We use Plex but DO NOT have an account and never will.

  2. John G. said on August 25, 2022 at 5:01 pm
    Reply

    @Aswhin or/and @Martin, do you know how to solve the next issue of Libreoffice? I meant to even write an article please if possible, thank you both in advance! Thank you for the article by the way! :]
    https://ask.libreoffice.org/t/context-menus-colors/76631

    1. Ashwin said on August 25, 2022 at 7:02 pm
      Reply

      Thanks, John. I’ll check it and let you know if I can find a fix.

      1. Jonh G. said on August 25, 2022 at 7:19 pm
        Reply

        Thank you @Ashwin very much! :]

      2. Ashwin said on August 26, 2022 at 7:36 am
        Reply

        Hi John,

        I tested LibreOffice on two laptops and my MacBook. The issue definitely exists in Windows 11, it is fine on my Windows 10 machine. I wasn’t able to find a solution for it even after tinkering with the Application colors, and digging through the Options > Advanced Configuration settings.

        Then I tried the portable version, it had the same issue on my host system. But, when I ran it in my Windows 11 Dev VM, it seems to be fine. Here’s a screenshot comparing the two.

        https://i.imgur.com/QFyn4zB.jpg

        So the issue must have been fixed in an OS update. The only thing we can do is to wait for the fix.

    2. Peterc said on August 25, 2022 at 9:08 pm
      Reply

      @John G.:

      First, the issue you refer to appears to be limited to Windows 11. (That’s not terribly surprising to me, given Windows 11’s current “half-baked” status, but while searching LibreOffice’s Bug Report database, I *did* come across a bug report for a ~somewhat~ related issue affecting MacOS.)

      Second, in response to your initial complaint about this on gHacks, I explained how you could fix it:

      ===========================================
      LibreOffice security update fixes macro execution bypass and potential password leaking – gHacks Tech News

      https://www.ghacks.net/2022/07/27/libreoffice-security-update-fixes-macro-execution-bypass-and-potential-password-leaking/

      [Peterc’s first reply]

      *** I suggest you go to Tools > Options > LibreOffice [from *within* LibreOffice, if that wasn’t clear] and have a look at the Personalization, Application Colors, and Accessibility submenus (and the View submenu, too, if you want to try a different Icon Style). I have a very strong hunch I made no changes at all in the Application Colors submenu, since I’m generally allergic to that kind of item-by-item tweaking, and that I was able to get a highly legible interface with very little effort, so I’m guessing you should be able to as well. ****

      [Peterc’s second reply]

      *** You didn’t say what OS you were running LO on, but my *guess* is that the default LO install picked up some color elements from your particular “OS theme” in an unhappy/unlucky way. The problem is almost certainly fixable by going through the LibreOffice Options submenus I mentioned earlier. ****
      ===========================================

      Of course, LibreOffice should *never* “automatically” use color combinations that result in poor legibility, and filing a bug report is the way to get the issue fixed. For future reference, see here:

      ===========================================
      How to Report Bugs in LibreOffice – The Document Foundation Wiki
      https://wiki.documentfoundation.org/QA/BugReport
      ===========================================

      But someone has already filed a report for this bug:

      ===========================================
      148711 – Selected options in context menu show in black text on dark blue background in Windows 11
      https://bugs.documentfoundation.org/show_bug.cgi?id=148711
      ===========================================

      The bug’s current status is “UNCONFIRMED,” so YOU should create a Bugzilla account and confirm the bug. [Tip: The more pertinent information you include — e.g., what Windows 11 build, theme, and color customizations you are using — and the more organized, clearly written, and concise your post is, the greater chance you’ll have of getting it acted on.

      As an interim workaround, I’m pretty confident you can fix the problem by going through LibreOffice’s various display options, as outlined in my first reply, excerpted above. You *might* also be able to fix it by switching to a different Windows 11 desktop theme or by customizing your Windows 11 colors differently. (I’ve never used Windows 11, so I’m just making an educated guess for the latter suggestion.)

      At any rate, you really *should* confirm the existing bug report.

      1. John G. said on August 26, 2022 at 2:28 pm
        Reply

        Thank you both @Ashwin and @Peterc for your answers. :]

  3. VioletMoon said on August 25, 2022 at 5:11 pm
    Reply

    “You will have to authenticate your devices again, which might seem like a chore, but when it comes to security, there is no room for convenience.”

    Great sentence; it applies to any and all accounts when a breach occurs. It’s also a routine duty for many online accounts.

  4. Anonymous said on August 25, 2022 at 8:52 pm
    Reply

    I haven’t used Plex since I got a mini computer to hook up to my TV. I haven’t logged into my account since 2012, so. I’ll wait until the account has cleaned up on its own.

    1. Peterc said on August 26, 2022 at 10:52 pm
      Reply

      @Anonymous: If Plex hasn’t closed your account for non-use, you should probably change your password even if you’re not currently using it.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.