In the email, Plex states that the bad actor accessed only a limited subset of its user data. The company also notes that the stored passwords are “hashed and secured in accordance with best practices”. However, it is still requiring a password change for all its users “out of an abundance of caution”. The company is also encouraging users to sign out of all connected devices after changing the password and then sign in again with the new password.
Streaming video service Plex has reported a data breach involving user account information. The company says that a third party improperly accessed information including usernames, emails, and passwords. As a precaution, it is requiring all of its users to immediately change their passwords. Plex is notifying users of the data breach by email. Funnily enough, Troy Hunt of the website Have I Been Pwned, which lets anyone check whether their personal information has been exposed in data breaches, was also “pwned.” On Twitter, he posted a screenshot of the email he had received.
Plex data breach did not compromise payment data

Plex added in its email to users that it does not store credit card or any other payment data on its servers, so this data breach does not pose any direct financial risk. The company also confirmed that it has addressed the loophole that the bad actor leveraged to gain access to its servers, and that it has strengthened its security measures to prevent future breaches.
“This is a headache, but we recommend doing so for increased security,” Plex said. Unfortunately, as Hunt notes, checking the box that signs you out of connected devices after a password change leads to an error that prevents you from changing the password. Unchecking it lets you change your Plex password, though. Hopefully, the company will address this problem soon, as it prevents users from doing what Plex itself recommends.
However, these kinds of breaches happen quite frequently, and you can’t do anything about them. What you can do is use a password manager to generate unique, strong passwords for your apps and online accounts. It’s never a good idea to use the same password across multiple platforms. You should also use two-factor authentication (2FA) for added security. There are plenty of authenticator apps and password managers to choose from.