Plex is a victim of data theft. The platform asks all its users to change their password.
Plex users should change their password as soon as possible. Indeed, the Reading and Streaming Service explains in a memo sent to users affected by this vulnerability that an attacker infiltrated its systems. In particular, we can read that the company immediately launched an investigation after noticing suspicious activity in one of its databases. According to the first elements, Plex explains that a third party had access to a subset of its data, including emails, usernames, and encrypted user passwords.
Plex data theft victim
Even Troy Hunt from Have I Been Pwned was affected. As he explains in his tweet, there is nothing you can do in such a case, but using a password generator and two-factor authentication helps to minimize the risks. It should be noted that Troy Hunt encountered an error while trying to change his password and realized that NOT disabling existing devices completed the process.
The platform asks all its users to change their password
Plex also clarified that it had already patched the vulnerability exploited by the person responsible for this attack, but did not elaborate on the method in question or exploited vulnerability, if any. The company also promised to conduct additional scans to ensure its systems are “hardened to prevent future intrusions.”For now, Plex is asking all of its users to change their password “as a precaution”even if all the passwords recovered by the hacker were encrypted. The platform also assures users in its press release that it does not store credit card numbers on its servers, so a hacker cannot access it.
Shit, I’m being accused of @plex data leakage. Again. There’s nothing I can do to *not* be in a hack like this (other than not using the service), but @1Password generated a random password and turned on 2FA, making this a mere inconvenience rather than a real risk. pic.twitter.com/XetB3IGUh3
— Troy Hunt (@troyhunt) August 24, 2022