The media streaming service Plex informed its subscribers that it had been the target of a security breach, which might have resulted in the disclosure of their usernames, encrypted passwords, and email addresses.
According to The Verge, Plex notified its customers of the data breach through email, at which point the firm recommended that all customers change their passwords immediately.
Twenty million people worldwide rely on Plex to store and share their media collections, including music, movies, and images.
According to The Verge’s reporting, Plex assured its users that any passwords exposed in the data breach had been hashed and encrypted and that the amount of data improperly accessed was small.
Users were also assured that the Plex data leak did not affect any other account information, including private media libraries that may have contained sensitive content.
Impact on Users
Plex has assured its customers that their payment information, including credit card numbers, is safe and secure because it is not stored on its systems and was therefore not compromised during the breach.
If you connect to Plex via a single sign-on (SSO) service like Google, Facebook, or Apple, your account is safe. Nonetheless, the attacker may have access to the email address you used when signing up for the service.
In addition, the statement from Plex reveals that the service was not keeping passwords in plain text, meaning a worse tragedy has been averted. Passwords were “salted and peppered,” or scrambled with additional random strings.
He also confirmed that a more secure hashing technique than MD5 is used by the service, saying that it employs the Bcrypt algorithm instead.
What Should You Do?
Plex is recommending that all account passwords be changed immediately. Users are also encouraged to sign out of all logged-in devices after resetting their password. Although it may be an inconvenience to have to authorize your devices once again, security must always come first.
You should also turn on two-factor authentication (2FA) to prevent illegal access to your account if you haven’t already. The Plex website features a support section where you may retrieve information on how to reset your password.
Read More: Twitter Videos Download: How To Do It?
While I had no issues resetting my password, many other users have reported being unable to do so due to a server problem. It’s possible that this happened because of the large number of people attempting to change their passwords at the same time.
While I still favor Jellyfin, I do applaud Plex for trying to warn its users a day after the incident took place. When a data breach occurs, most businesses wait a month or more before alerting customers.