Plex Data Breach: Users Asked to Change Passwords

In a recent incident of a data breach, media streaming platform Plex informed its users to change their passwords. The breach was discovered on Tuesday after which the users were notified via email along with the preventive measures to follow. According to the letter sent by Plex, the affected data included a limited subset.

“We immediately began an investigation, and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames and encrypted passwords,” the letter stated.

Impact of the attack

Plex users were assured that the impact of the hacking attack was limited. The attack was discovered on one of its databases. Upon detecting suspicious activities, a team immediately began investigating the incident. According to reports, an unidentified ‘third party’ actor breached the systems of Plex. Since the passwords of all its accounts were hashed — a way of changing certain selected keys to codes that helps in keeping data safe — much of the damage was averted.

The ‘All Systems Operational’ page of Plex

On the official website of Plex, the “All System Operational” page gave a glimpse into an incident on August 24.

The report states that the website was not accessible on the day after the data breach was discovered. The company soon identified the issue, and appropriate actions were taken.

How the data at Plex was kept secure?

Apart from hashing the passwords, Plex has been securing all its data in accordance with the best practices. Moreover, since Plex doesn’t store payment details and credit card data on its servers, this information was unavailable to the hackers.

What instructions are given to Plex users?

Plex users were assured that the company has all the right information and tool to keep the users’ accounts secure. However, as a precautionary measure, they were asked to reset their passwords.

Moreover, users were also asked to sign out of all the devices through which they were logged. This included the Plex Media Server that they owned.

The users were also asked to enable two-factor authentication option on their accounts, if not done already. This would ensure that the passwords and other login credentials were secure from future attacks.

What Plex is doing about the data breach?

Plex has created a special support article with detailed instructions on resetting passwords. A disclaimer mentioned on the note to the users reads, “No one at Plex will ever reach out to you to ask for a password or credit card number over email.”

What is happening as a result of the data breach at Plex?

Some users have been complaining about not being able to change their passwords, on Twitter. Others experienced trouble signing out of other connected devices. This might be a result of too many users trying to reset their passwords at the same time.

Plex is one of the largest media streaming apps and has over 30 million users. The difficulty in resetting their password and similar errors may not necessarily be linked to the data breach. However, the possibilities of the same cannot be ruled out.