Users of home media streaming service Plex have been warned to reset their passwords immediately after a breach in which an undisclosed third party was able to seize a set of user data that included email addresses, usernames and passwords.
Plex contacted users of the service on Wednesday, August 24, after the company discovered suspicious activity in one of its databases on August 23. It said it believed the actual impact had been limited and that all the passwords accessed were “hashed and secured according to best practices.” However, it is believed that up to 15 million out of approximately 30 million users may have been affected.
“Out of an abundance of caution, we are requesting that all Plex accounts be password reset,” the firm said in an email seen by Computer Weekly. “Please be assured that credit card and other payment details are not stored on our servers at all and were not vulnerable in this incident.”
Plex added: “We have already addressed the method the third party used to gain access to the system, and we are conducting additional reviews to ensure that the security of all of our systems is further strengthened to prevent future incursions.”
The firm has directed users to its password reset guide, which can be found here, and recommends that users consider implementing some form of multi-factor authentication (MFA) on their accounts if they haven’t already.
It read: “We’d also like to remind you that no one at Plex will contact you asking for a password or credit card number via email.
“We sincerely apologize for any inconvenience this situation may cause. We take pride in our security system and want to assure you that we are doing everything we can to quickly remediate this incident and prevent future incidents from occurring.”
It is understood that the Plex service also experienced a period of downtime on August 24, although it is unclear whether or not this was related to the incident. It was possibly caused by users accessing their accounts in large numbers. The organization has not commented further on the incident.
Plex began in the late 2000s as a free media center app for Apple Mac products from developer Elan Feingold.
Since then, it has evolved into a widely used media player system based on a client-server model that allows its users to organize their own media, such as audio, photos, and video, from their PCs and online services and stream it to the player of their choice. More recently, it has branched out to offer ad-supported video on demand and free live TV channels.
It works with multiple platforms including Android, Apple TV, Chromecast, Roku, iOS, PlayStation, Sonos, webOS, Windows, Xbox, and macOS.
Geoffrey Fisher, Senior Director of Integration Strategy at Tanium, commented: “Plex appears to have put forth a strong incident response and what appear to be many security best practices, but took an additional hit due to resource issues that further crippled their system when users attempted to change credentials en masse.
“What is interesting is the possible consequences stemming from the technological savvy of Plex’s subscriber base and how they will respond to this gap. There could be implications in the future.”
Fisher added: “Ultimately, this intrusion reinforces the seemingly old adage to prevent password reuse. As a call to action, users should heed the recommendation to change their Plex credentials and use the available MFA.
“More importantly, they need to make sure they never reuse passwords across apps or platforms. This cannot be overstated because a successful attack can happen against any organization, so it’s important to do your part with password variations to mitigate the consequences.”