Streaming media platform Plex sent an email to its customers earlier today notifying them of a security breach that may have compromised account information, including usernames, email addresses and passwords. Although there is no indication that the encrypted passwords have been exposed, Plex advises all users to change their passwords immediately.
Plex is one of the largest media server applications available, with about 20 million people using it to stream video, audio, and photos they upload themselves, in addition to the wide variety of content the service offers to paying subscribers.
The email says, “Yesterday, we detected suspicious activity in one of our databases. We immediately began an investigation and it appears that third parties were able to access a limited subset of data that included emails, usernames and encrypted passwords. There was no confirmation that other private account information was compromised, and no indication that private media libraries (which may or may not include pirated content, private nudities, and other sensitive content) were accessed in the breach.
Plex assures customers that “all accessible account passwords are hashed and secured in accordance with best practices.” “Credit card and other payment data is not stored on our servers and was not affected in this incident,” the email said, adding that financial information also appears to be safe despite the breach.
The cause of the breach has been identified and Plex has taken steps to prevent others from exploiting the same security flaw. “We have already addressed the method used to gain access to this third-party system and are conducting further reviews to ensure we are further hardening the security of all our systems to prevent future intrusions.”
If you have a Plex account, you should take steps to protect it immediately These instructions provided by the company. You should too Enable 2-factor authentication If you haven’t already. Plex puts a two-factor authentication option under your account page.
Additionally, you should use A free or paid password manager Easily manage unique, hard-to-guess passwords and 2fa codes across all your apps, services and sites. Web browsers like Google Chrome, Microsoft Edge, and Safari have decent built-in options these days, though dedicated services are also available from the likes of BitWarden, 1Password, and LastPass. Some password managers will alert you about passwords that have been breached online and auto-fill passwords when prompted by apps and websites on your desktop and phone.