Users of Plex should consider changing their passwords as soon as they are able to. In a letter to consumers affected by the incident, the digital media player and streaming service revealed that a malicious actor had accessed its system.
In it, the business admits that it began looking into the matter as soon as it noticed something out of the ordinary in one of its databases. In light of what it observed, Plex has concluded that a third party gained access to some of its data, including user emails, usernames, and encrypted passwords.
The security expert Troy Hunt from Have I Been Pwned was not immune. There’s no way to prevent service hacks, as he pointed out in his tweet, but taking precautions like utilizing a password generator and two-factor authentication can mitigate the damage. It’s worth noting that he ran into trouble when attempting to change passwords, but that everything went smoothly once he forgot to sign out of his existing devices.
Plex claims it has patched the vulnerability that allowed the attacker to get access to its system, but it hasn’t specified what that weakness was. The firm has also promised to conduct more audits to guarantee its systems are “further hardened to prevent future breaches.”
All Plex users are currently required to update their passwords “out of an excess of caution,” even if the hacker only had access to hashed passwords. The company also assured its customers in the letter that no sensitive payment information, including credit card details, was stored on the company’s systems and was therefore inaccessible to the hacker.