Popular streaming media platform Plex is scrambling to reset user passwords after a database hack that included the theft of emails, usernames, and encrypted passwords.
Popular streaming media platform Plex is scrambling to reset user passwords after a database hack that included the theft of emails, usernames, and encrypted passwords.
Plex, a California company that runs a streaming media service and a client-server media player platform, confirmed that a third-party “was able to access a limited subset of data” from a compromised database.
The company is urging all Plex users to immediately reset account passwords and log out of all devices connected to its service.
From the Plex notification:
The company said credit card and other payment data are not stored on its servers and were not vulnerable or compromised in this incident.
[ READ: Apple Patches New macOS, iOS Zero-Days ]
Plex did not provide details on the database hack or whether any software vulnerabilities were exploited.
“We’ve already addressed the method that this third-party employed to gain access to the system, and we’re doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions,” the company said.
“While the account passwords were secured in accordance with best practices, we’re requiring all Plex users to reset their password.”
In addition to immediate password resets, Plex is recommending that users tick off the checkbox to "Sign out connected devices after password change."
“This will additionally sign out all of your devices (including any Plex Media Server you own) and require you to sign back in with your new password. This is a headache, but we recommend doing so for increased security,” the company said.
By Ryan Naraine on Wed, 24 Aug 2022 14:56:27 +0000
Original link