The streaming media service Plex confirmed today that it suffered a security breach in an email it sent out to its customers asking them to change their passwords.

In the email, Plex revealed that Tuesday it “discovered suspicious activity” happening on one of its databases and immediately began investigating. The company said that it discovered that a hacker had gained access to a “limited subset of data” that included emails, usernames and encrypted passwords.

Plex maintains one of the largest media streaming platforms in the world serving more than 25 million registered users. It also allows users to stream movies and live television as well as audio, video and photos hosted on their own home media servers.

All account passwords and usernames accessed were hashed with encryption. This means that they were scrambled in a fashion that makes them unreadable and inaccessible without a specific encryption key. Plex did not reveal the technology used to encrypt them. This does not mean that the encryption cannot be broken given enough time and effort.

As a result, Plex is requiring that users reset their passwords “out of an abundance of caution.”

The company added that credit card and payment data is not stored on its servers, therefore the attacker could not have accessed it.

So many users rushed to the Plex servers in an attempt to reset their passwords that many began to report that the process was slow or intermittent.

Plex did not forcefully log out users to force them to reset their passwords. So, users who are currently logged in will need to reset their passwords manually and those already signed out will be asked to reset their passwords upon sign in.

The company also offers two-factor authentication, which uses a secondary form of verification aside from a password to heighten security. For example, when logging in from a new location, the server may send a code via text to verify the user when logging in.

Troy Hunt, the creator of Have I Been Pwned a website that aggregates emails that have been leaked, had originally revealed the email sent by Plex, additionally said using a password manager like 1Password or KeePass to avoid reusing passwords could further increase security. Users who use the same username and password combination across multiple services they can leave themselves open to being hacked.

Plex did not reveal any details on the attack itself except that the company has “already addressed the method the third-party employed to gain access to the system” and that the team is doing additional reviews to ensure that it cannot happen again.

Image: Plex

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.


Source link

Load More By Michael Smith
Load More In Technology
Comments are closed.

Check Also

Autocar magazine 1 February: on sale now

[ad_1] This week in Autocar, we put Porsche’s new 911 ‘SUV’ through its paces, break the s…