Security | 25.08.2022

Plex hacked — usernames and hashed passwords compromised

Plex has warned users to change their passwords after a third party gained access to one of its databases.

In an email sent to the media server app’s users, it explained that it had become aware of suspicious activity on the database on Tuesday, 23 August 2022.

“We immediately began an investigation and it does appear that a third party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords,” Plex said.

“While we believe the actual impact of this incident is limited, we want to ensure you have the right information and tools to keep your account secure,” it added.

Plex said although all account passwords that could have been accessed were hashed and secured in accordance with best practices, it was requiring all Plex accounts to have their password reset “out of an abundance of caution.”

The company assured users that credit card and other payment data were not stored on its servers and weren’t vulnerable in this incident.

“We’ve already addressed the method that this third party employed to gain access to the system, and we’re doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions.”

This is not the first time Plex has suffered a data breach in which users’ passwords were exposed.

In July 2015, the company’s web servers that host its blog and forums were compromised.

In that instance, the attacker could access IP addresses, private messages, email addresses, and encrypted forum passwords.

How to protect your account

In a Twitter post on Wednesday, Have I Been Pwned creator and well-known cybersecurity expert Troy Hunt revealed the breach also impacted his account, and users like him could have done nothing to prevent it.

However, he explained that using a randomly generated password from a reliable password service like 1Password and two-factor authentication (2FA) would make such an incident a mere inconvenience rather than a genuine risk.

If you are a Plex user, you can change your password by following these steps in a browser:

  • Log in to your account
  • Click on your profile picture at the top right
  • In the drop-down menu, select “Account Settings”
  • On the next page, scroll down to the “Security” section
  • Select “Edit” next to the “Password” tab
  • Enter your new password or use a suggested one from a reliable password service
  • Enter your old password
  • Choose “Sign out connected devices after password change.”
  • Click “Save changes”

The 2FA section can be found right underneath the “Password” tab, if you want to set that up too.

