Media streaming platform Plex has been hacked with user passwords and personal data stolen (opens in new tab), the company has confirmed.
Plex sent out an email notification to its users explaining the situation, and asking them to change passwords as soon as possible.
The email noted a “limited subset” of accounts had been compromised, but the stolen data was “hashed and secured in accordance with best practices”.
Plex passwords
No more details have been provided, including how the breach happened, how many users were affected, or whether or not the passwords were salted.
The only thing we do know is that payment data was not stolen, as Plex says it does not keep that kind of data around, and that whatever hole the threat actor crawled through, was patched. Plex “already addressed the method that this third-party employed to gain access to the system,” it said.
It is also worth mentioning that users were “kindly requested” to change their passwords, suggesting that the update isn’t mandatory. Regardless, people rushed to change their login credentials, but many couldn’t do it, as Plex’s servers collapsed under the increased traffic.
This is not the first time Plex’s cybersecurity issues have made the headlines. In early 2021, it was discovered that DDoS-for-hire services were leveraging some security flaws in Plex Media Server systems as a UDP reflection/amplification vector in DDoS attacks.
This is not the first time Plex’s cybersecurity issues have made the headlines. In early 2021, it was discovered that DDoS-for-hire services were leveraging some security flaws in Plex Media Server systems as a UDP reflection/amplification vector in DDoS attacks.
The company was quick to react to the news, issuing a software patch that fixed the problem.
Via: The Register (opens in new tab)