Plex, a popular streaming platform, has sent out emails to its customers notifying them of a security breach that may have compromised account information, including usernames, email addresses and passwords.
While Plex is a streaming platform like Netflix or Showmax, it works differently whereby users can provide their own content instead of relying on a big company’s library which can change from month to month.
The platform is one of the largest in its space, used by more than 20 million people to access different types of media, including streaming video, audio and photos they upload themselves, as well as accessing various types of content Plex offers to its paying customers.
In the email to their users, Plex advises them to change their passwords as soon as possible. They explain that the company started noticing suspicious activity in one of its databases on Tuesday, August 23.
“We immediately began an investigation, and it does appear that a third party was able to access a limited subset of data that includes emails, usernames and encrypted passwords,” Plex explains.
They go further to clarify that all the passwords that were exposed were hashed and secured in accordance with best practices, meaning the attackers would have to reverse engineer the passwords to convert them into a readable format. However, Plex does not mention whether any private media libraries were compromised.
“Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset,” the email reads.
During the password reset process, Plex urges customers to also tick the “sign out connected devices” checkbox to ensure there are no stray devices still connected to their devices
To the relief of many, Plex assures their users that their credit card info and other payment data are not in their servers, and they were therefore not affected in any shape or form when the breach happened.
They conclude by saying that they found the cause of the breach and have taken the necessary steps to ensure similar attacks do not take advantage of the same flaw. “We’ve already addressed the method that this third-party employed to gain access to the system, and we’re doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions.”
To keep your accounts safe, it is always wise to use different passwords for each platform that you are subscribed to so that in case one platform is compromised, the attackers would only have your email with no access to the other platforms. For easy management of your multiple passwords, consider using the built-in password managers in established browsers like Chrome and Firefox, or invest in a paid option like Bitwarden or 1Password that have more features.
