Plex, a popular streaming platform, is notifying its customers via email about a recent security incident that compromised the company’s user account data. Email addresses, usernames, and passwords were among the information obtained.
According to the company’s response to customers, all account passwords were hashed and secured using industry-recognized best practices, which means they were encrypted. Nonetheless, there is evidence that passwords were accessed. As a result, it recommends that users change their passwords immediately.
Furthermore, the email claimed that no payment card information was kept in the hacked database. As a result, it was untouched. The business also encouraged customers to sign out of any linked devices after changing their passwords and then log back in to make the changes take effect.
The passwords were cryptographically scrambled, according to the corporation, so attackers would need to crack the hashes using additional tools to convert them to plaintext format. According to a Plex spokeswoman, the passwords were hashed with bcrypt, which is one of the best and most secure password-protection algorithms and makes cracking more difficult.
What Happened?
On Wednesday, several Plex media streaming website users reported difficulties logging into their accounts. Troy Hunt, a security researcher, also complained and uploaded screenshots of the errors he saw when attempting to access his account.
Plex later revealed that it had been hacked, explaining that the attackers gained access to its proprietary database and acquired the identities, emails, and passwords of at least 15 to 30 million of its clients.
The organization has discovered the source and cause of the breach and has promised to promptly reduce the threat and prevent others from exploiting the hole. It encourages consumers to enable 2FA and use passwords that are tough to guess across all of their apps, sites, and services.
