"Plex recommends using the option that automatically logs out all connected devices after the change. This ensures that active sessions that could potentially be exploited by third parties are terminated and that users must log in again with their new credentials. Users who log in via Single Sign-On must take an additional step: they must manually log out of all devices via plex.tv/security and then log in again with their new login details."
"The company emphasizes that no credit card details were stolen because such information is not stored on its servers. In addition, Plex recommends that users enable two-factor authentication for extra protection of their accounts. Plex says it has now closed the method used by the attacker to gain access. However, the company is not sharing any technical details about the attack or the origin of the breach."
"This is not the first time Plex has asked customers to change their passwords after an incident. In August 2022, the company was hit by a similar data breach. Then, too, hashed passwords and authentication data fell into the wrong hands. Plex apologizes for the inconvenience and states that internal detection systems helped to quickly identify the incident. The company says it will implement further security measures and build in additional controls to prevent a recurrence and maintain the trust of its customers"
Plex experienced unauthorized access to a customer database exposing email addresses, usernames, hashed passwords, and authentication data. Passwords were hashed according to current best practices, but the specific algorithm was not disclosed, leaving potential for cracking attempts. All users are advised to reset passwords immediately via plex.tv/reset and to enable two-factor authentication for extra protection. Users should choose the option to log out all connected devices after changing passwords; Single Sign-On users must manually log out via plex.tv/security before signing in again. No credit card details were stolen. Plex closed the attack vector, detected the incident quickly, apologized, and plans further security measures.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]