Plex tells users to reset their passwords after potential data breach

Joystiq

Plex users may want to change their passwords as soon as they're able. The digital media player and streaming service said a bad actor had infiltrated its system in a letter to users affected by the breach. In it, the company revealed that it immediately started an investigation after it saw suspicious activity in one of its databases. Based on what it saw, Plex said it does appear that a third-party entity got access to a subset of its data, which includes people's emails, usernames and encrypted passwords.

Even Troy Hunt of Have I Been Pwned was affected. As he noted in his tweet, there's nothing anyone can do to be exempt from service hacks, but using a password generator and 2FA makes their impact much less severe. He also encountered an error while trying to change passwords and found that not signing out existing devices made the switch go through.

Aw crap, I’m pwned in a data breach. Again. I can’t do anything to *not* be in a breach like this (short of not using the service), but a generated random password and 2FA enabled makes this a mere inconvenience rather than a genuine risk.


— Troy Hunt (@troyhunt)

Plex said it has already addressed the method the bad actor used to infiltrate its system, but it didn't elaborate on what that method was or what vulnerability, if any, the hacker exploited. The company also vowed to do additional reviews to make sure its systems are "further hardened to prevent future incursions." For now, Plex is requiring all users to change their passwords "out of an abundance of caution" even if all the passwords the hacker got access to were hashed. It also assured all users in its letter that it doesn't store credit card numbers and other payment data on its servers, so the bad actor wasn't able to get access to them.
