Plex warns users to change their passwords after a data breach
The streaming media platform Plex has revealed that it has been impacted by a data breach. The company has advised users to reset their passwords to protect their accounts.
Plex data breach - What happened
Plex has revealed that it discovered some suspicious activity on one of its databases on Monday. After conducting an investigation, it confirmed that an attacker had gained access to some user data, including emails, usernames, and passwords.
The streaming service has already patched the security vulnerability that was exploited by the hacker, and is reviewing the security of its systems as a precaution. The company sent out emails on Wednesday to alert users about the data breach. For what it's worth, I didn't receive this email even though I have an account with Plex; I came across this news via social media.
Impact on users
Plex has stated that users' credit card and other payment-related data were not stolen during the breach, since this data is not stored on its servers and is hence not affected by this attack. If you use single sign-on (SSO) through Google, Facebook, or Apple as your sign-in option on Plex, your account is not affected by this breach. However, the email address associated with the service may have been exposed to the attacker.
The statement from Plex also confirms that the service was not storing passwords in plain text, so a bigger disaster has been averted. The passwords were hashed with salt and pepper, i.e. random strings are added to the passwords to make them. He also confirmed that the credentials were not hashed with MD5, the service uses the Bcrypt algorithm, which is more secure.
What should you do?
Plex has warned users to change their account's password. It is also advising users to sign out of connected devices after changing the password. You will have to authenticate your devices again, which might seem like a chore, but when it comes to security, there is no room for convenience. If you have not done this already, you should also enable 2FA (two-factor authentication) to protect your account from unauthorized logins. You can find instructions for resetting the password on a support page on Plex's website.
I had no trouble resetting my password, but many users have complained that they were unable to change theirs because of an internal server error. This may have been due to heavy load on the company's server because several users were trying to reset their password.
Personally, I prefer Jellyfin, but Plex's effort to alert users a day after the attack happened is commendable. Most companies wait a month or even a few months before notifying users about a data breach.
Do you use Plex?