Plexthe popular content streaming service, is notifying its customers via email that it has been the victim of a data breach through which they have been able to leak usernames, email addresses and encrypted passwords.
Plex is an old acquaintance of the services of streaming which is used by about 20 million people who transmit videos, audios and photos uploaded by themselves. It stands out for being one of the best solutions in its segment, it has a redistributable client and server and also offers an ever-increasing variety of content to paying subscribers.
In the email sent to customers, Plex explains that yesterday you discovered suspicious activity in one of your databases which prompted her to immediately launch an investigation. The company concluded that apparently “a third party was able to access a limited subset of data including emails, usernames, and encrypted passwords”. Other data like credit cards and payment details have not been compromised and Plex believes that “the real impact of this incident is limited”.
As we have already said, among the allegedly leaked data are encrypted passwords. If Plex has applied best practices on that front (which it claims to do), it means that attackers will have a hard time getting the raw passwords, which ultimately is what allows access to accounts, but still never comes. It is wrong to take extreme precautions and change them to avoid disappointment.
The company has explained that it is analyzing the method used by the third party that has sneaked into its systems in order to strengthen them and thus prevent further incursions of similar characteristics. Plex has chosen to warn and not force users to change their password, although has recommended checking the box “log out of connected devices after password change” as an additional security measure and enable two-step authentication.
The mass notification seems to have led to some saturation on the Plex servers, as some users reported a few hours ago that they were unable to change the password due to an internal server error (500) when using the reset mechanism.
In short, if you are a Plex customer, we strongly recommend changing your password immediately under the conditions set out by the company and activating two-step authentication. In this context, the use of a password manager can contribute to strengthening security by generating words that are difficult to guess through the use of brute force.
