Cybercriminals all over the world are elevating their techniques to gain as much as they can in the process. And what better way to do so than to target big companies? A few weeks back, none other than Bandai Namco witnessed a huge breach. Now, the popular service Plex has suffered the same fate.
Plex has a lot of users, which can cause huge damage. In fact, whoever did this, managed to tap into a subset of data that includes emails, usernames, and encrypted passwords.
The threat is there and the service is urging everyone to change their passwords. How big is the breach? How many were affected? We’ve discussed everything below.
The Plex Breach – Millions at Risk
Plex is one of the largest media streaming services in the United States. In fact, the channel has around 20 million users streaming video, audio, and photos they upload themselves.
Not to mention the content it offers for both paid and free customers. The service isn’t just popular in the US, it’s well known all over the world.
It’s available in almost 200 countries (Different libraries, but still available worldwide). This is how global the service has become.
Unfortunately, with such growth, the channel has also become a major attraction for cybercriminals. As customers ourselves, we received an email from Plex informing us about the breach.
“Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords.
Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset.
Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident.
We’ve already addressed the method that this third-party employed to gain access to the system, and we’re doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions.”
While the account passwords were secured in accordance with best practices, we’re requiring all Plex users to reset their password.
We have to give Plex credit for informing us on the spot. Other companies take too much time to disclose a breach, which puts their customers at risk. This time around, Plex immediately reached out and opted for its users to change their passwords.
The threat actors behind this were able to harvest a small amount of data that included passwords, emails, as well as usernames.
But according to the company, credit card and other payment data are not stored on its servers, so it was not affected by the attack.
Plex Hit Hard – When Entertainment Turns Malicious
Plex took action and it found the method used to breach its servers. It has addressed the issue and it’s implementing additional steps to ensure that the security of all of its systems is further equipped to prevent such future incidents.
This Plex breach is both a hit and a wake-up call. The company urges its customers to reset their passwords, but it shouldn’t end here.
We also recommend you use a password generator, and a password manager, and set up two-factor authentication wherever possible. Not only does it significantly make it harder for attackers to take over your online accounts, but it also might prevent future hacking attempts.