Plex confirms data hack, user details and passwords stolen

Passwords were taken, Plex confirms

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Media streaming platform Plex has been hacked with user passwords and personal datastolen, the company has confirmed.

Plex sent out an email notification to its users explaining the situation, and asking them to changepasswordsas soon as possible.

Theemailnoted a “limited subset” of accounts had been compromised, but the stolen data was “hashed and secured in accordance with best practices”.

Plex passwords

Plex passwords

No more details have been provided, including how the breach happened, how many users were affected, or whether or not the passwords were salted.

The only thing we do know is that payment data was not stolen, as Plex says it does not keep that kind of data around, and that whatever hole the threat actor crawled through, was patched. Plex “already addressed the method that this third-party employed to gain access to the system,” it said.

It is also worth mentioning that users were “kindly requested” to change their passwords, suggesting that the update isn’t mandatory. Regardless, people rushed to change their login credentials, but many couldn’t do it, as Plex’s servers collapsed under the increased traffic.

This is not the first time Plex’s cybersecurity issues have made the headlines. In early 2021, it was discovered that DDoS-for-hire services were leveraging some security flaws in Plex Media Server systems as a UDP reflection/amplification vector in DDoS attacks.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Plex media streaming service had some major security flaws>Over two billion passwords were leaked by hackers in 2021>These are the best password managers around

This is not the first time Plex’s cybersecurity issues have made the headlines. In early 2021, it was discovered that DDoS-for-hire services were leveraging some security flaws in Plex Media Server systems as a UDP reflection/amplification vector in DDoS attacks.

The company was quick to react to the news, issuing a software patch that fixed the problem.

Via:The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Anker Nebula Mars 3 review: A powerful and truly portable projector