""Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party," the email reads. "Out of an abundance of caution, we recommend you immediately reset your password by visiting https://plex.tv/reset. Rest assured that we do not store credit card data on our servers, so this information was not compromised in this incident.""
"The notification may leave longtime Plex customers with a sense of déjà vu, given that its previous unauthorized intrusions in 2022 and 2015 both involved the theft of hashed passwords. According to HaveIBeenPwned, the 2015 breach, which exposed more than 327,000 accounts, was especially concerning because of the weak implementation of salted hashes, one that left passwords open to rapid cracking."
Plex experienced a data breach in which emails, usernames, and securely-hashed passwords were potentially stolen. The company stated that accessed passwords were securely hashed and recommended immediate password resets via https://plex.tv/reset. Plex asserted that credit card data is not stored on its servers and was not compromised. The incident echoes prior intrusions in 2022 and 2015 that also involved stolen hashed passwords, with the 2015 breach notable for weak salted-hash implementation. Plex believes the impact is limited, says it has addressed the attack vector, and is conducting additional security reviews while urging users to enable device logout on password changes.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]