An unauthorized party recently gained access to the databases of streaming service Plex. The organization forces millions of users to change their passwords.
Plex is a streaming service. Users receive storage capacity to upload their own blu-rays, DVDs and other video formats. The video content is available in the same environment as popular streaming services, including Netflix, Hulu and Disney+.
Plex recently informed users that a third party gained access to the organization’s databases. Website BleepingComputer learned the news from an anonymous source. Plex disclosed that the intruder may have had insight into user data, including email addresses, usernames and encrypted passwords.
“Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution, we are requiring all Plex accounts to have their password reset”, the organization said.
“Nevertheless, as a precaution, we require all account holders to reset their passwords. Rest assured that credit card and other payment information is not stored on our servers at all, and was not vulnerable in this incident.” Plex claims to be aware of the intrusion’s cause. According to the organization, the issue was addressed to prevent similar incidents in the future.
Impact
The impact of the incident is unclear. Plex described the damage as “limited”. BleepingComputer contacted the organization for a comment, but initially received no response.
Some users claim that free accounts are unaffected. The reports indicate that the problem is limited to paying customers. The rumors are unverified at this time.
Plex’s website suffered an outage earlier today. The server is back up and running at this time. It’s unknown whether the outage is related to the intrusion.
Access security
Unauthorized access to user data frequently leads to data breaches. Cybercriminals that manage to infiltrate databases may sell stolen data on the dark web. Sold passwords and usernames are input into popular web services with automatic tools.
Flex account holders do well to review whether their account credentials are in use elsewhere. If so, changing all similar account credentials is advised.
Most password management tools have an automatic password generator that prevents account theft. Two-step verification greatly reduces the risk of data loss as well.
Tip: Data privacy: from necessary security step to competitive advantage