Users of the popular streaming and media organization service Plex are waking up this morning to an awkward email stating, in the words of a Registration number Reader: “Plex has been hacked and their main site is down as we all rush to change passwords.”
The email, which was forwarded by several readers, says a third-party attacker was able to access a “limited subset” of user accounts that were “hashed and secured in accordance with best practices.”
All Plex users will need to reset their passwords via email, although it’s also unclear how mandatory or automated the change will be. Several of our readers complained that they couldn’t do this immediately as the servers gave out under the stress.
— KellicTiger (@KellicTiger) August 24, 2022
Plex said payment details and credit card information are not stored on its servers and none were stolen in the breach.
The streaming company wasn’t very forthcoming, saying only what was quoted above. Plex said in its email that it “already addressed the method used by this third party to gain access to the system,” and assured users that it is doing further work to harden systems against future attacks.
No mention was made of specific damage control measures or details of how the attack was carried out. Plex also declined to give numbers about its “limited subset” of users, and didn’t clarify whether the hashed logins were salted. We’ve asked and will update the story when we get an answer.
Later in the letter, Plex said it “kindly requested” that users reset their passwords — hardly a mandatory language — and asked them to make sure they also select the option to sign out of all connected services.
Plex started out as a streaming service best known for easy home media server setup and offering integrations for several popular media apps.
Plex bot a cloud service It allowed users to sync files from cloud services, but the service was discontinued in 2018, forcing cloud users to return to home media servers. The service also offers free and ad-supported movies and live streaming channels.
plex Password reset instructions are a bit of a hassle, but it’s a good idea not to sit on this one if you’re a user, especially if your Plex account is tied to a home media server that you want to keep secure. ®
https://www.theregister.com/2022/08/24/data_breach_plex_hack/ User details exposed in attack on Plex streaming service • The Register