HomeTech NewsCybersecurityPlex burglary: data removed, password change required

Plex burglary: data removed, password change required

Malicious actors have apparently broken into the databases of the streaming service and media server Plex. There they could steal personal data.

 

In addition to a media server, Plex also offers streaming services. Attackers have now been able to break into the Plex user database, the provider writes to affected users in an email. They would have had access to the access data.

Specifically, unusual activities were noticed on one of the databases on Tuesday of this week. The investigation that was launched revealed that an external party had access to a limited set of data. This includes email address, username and encrypted password. Although all access passwords accessible to the intruders were hashed and secured according to standard best practice, the security team decided that a password reset was required for all Plex accounts.

In the email to users, Plex points out that credit card information and payment data are not stored on their servers and were not vulnerable to the incident. The security specialists have already addressed the unspecified attack method used by the burglars to gain access to the system. In addition, further investigations and additional hardening of the systems are taking place in order to ensure their security in the future and to prevent such attacks.

The security team is asking all users to change their Plex account password immediately. There is also a checkbox to log off connected devices after the password change. This throws out all previously connected devices – including the Plex media servers owned by the users – and requires a new password entry, but is recommended to improve security.

The email to affected users concludes that Plex would never ask for the password or credit card numbers via email. In order to secure the account even better, the provider also recommends activating two-factor authentication if you have not already done so. This does not help against burglary and data theft. But it makes it more difficult for the attackers to do more tricks with the captured data.

Plex users should be careful with emails regarding Plex in the future. Because the e-mail address can be linked to information such as user names and the Plex service, cybercriminals could create fraudulent or phishing e-mails that appear more genuine.

Latest articles

What are the best smartphones tested by Voonze in September 2024?

Here is our selection of the best smartphones in 2024, all tested and validated...

Nvidia GeForce Now in September 2024: the start of the school year promises to be fantastic with Final Fantasy XVI and Age of Mythology

In this rainy back-to-school season, Nvidia unveils the list of games that will join...

More like this