In addition to a media server, Plex also offers streaming services. Attackers have now been able to break into the Plex user database, the provider writes to affected users in an email. They would have had access to the access data.
Access to credentials
Specifically, unusual activities were noticed on one of the databases on Tuesday of this week. The investigation that was launched revealed that an external party had access to a limited set of data. This includes email address, username and encrypted password. Although all access passwords accessible to the intruders were hashed and secured according to standard best practice, the security team decided that a password reset was required for all Plex accounts.
In the email to users, Plex points out that credit card information and payment data are not stored on their servers and were not vulnerable to the incident. The security specialists have already addressed the unspecified attack method used by the burglars to gain access to the system. In addition, further investigations and additional hardening of the systems are taking place in order to ensure their security in the future and to prevent such attacks.
The security team is asking all users to change their Plex account password immediately. There is also a checkbox to log off connected devices after the password change. This throws out all previously connected devices – including the Plex media servers owned by the users – and requires a new password entry, but is recommended to improve security.
The email to affected users concludes that Plex would never ask for the password or credit card numbers via email. In order to secure the account even better, the provider also recommends activating two-factor authentication if you have not already done so. This does not help against burglary and data theft. But it makes it more difficult for the attackers to do more tricks with the captured data.
Plex users should be careful with emails regarding Plex in the future. Because the e-mail address can be linked to information such as user names and the Plex service, cybercriminals could create fraudulent or phishing e-mails that appear more genuine.