Plex

Plex confirms passwords, e-mails stolen in “limited” breach

The video streaming giant is requiring all users to reset their passwords in case the stolen hashed passwords can be cracked
Life
Image: Plex

25 August 2022

Video on-demand service Plex has notified its customers of a data breach in which e-mail addresses, encrypted passwords, and user names were stolen by a third party.

Customers were told that the company spotted “suspicious activity” on one of its databases on Wednesday 23 August, but believes the actual impact of the incident to be “limited”.

The cyber criminals were able to access a “limited subset” of the data on the database, it said, including a list of hashed passwords. It added that, out of an abundance of caution, it is now asking Plex users to reset their passwords.

 

advertisement



 

Payment details, such as credit card information, was not affected as part of the attack, the company said, adding this type of information is not stored on its servers.

Plex did not detail how the attackers gained access to its systems but said it knows how they were able to get in and has now worked to fix that issue. The company also assured customers that it was conducting additional reviews into the security of its systems to prevent further intrusions.

“We sincerely apologise to you for any inconvenience this situation may cause,” said Plex in the breach notification reported by IT Pro. “We take pride in our security system and want to assure you that we are doing everything we can to swiftly remedy this incident and prevent future incidents from occurring.

“We are all too aware that third parties will continue to attempt to infiltrate IT infrastructures around the world, and rest assured we at Plex will never be complacent in hardening our security and defences.”

The company has been praised by those in the cyber security community for the speed with which it disclosed the incident.

Plex users have been advised to reset their passwords “immediately” and select the option to sign out of all devices connected to the account, a one-click option available during the password reset process.

The media company has recommended enabling two-factor authentication (2FA) as an additional precaution, if users do not have this enabled already.

“This is a headache, but we recommend doing so for increased security,” it said.

Future Publishing

Read More:


Back to Top ↑

TechCentral.ie