"The company said in a post on Monday that it was aware of a security incident involving the theft of Plex customer account information, including user names, email addresses, scrambled passwords, and unspecified authentication data. Plex said while the passwords were scrambled in a way that made them unreadable to humans, it's unclear if the passwords can be deciphered or if the stolen authentication data could be used to gain access to customer accounts."
"While it is common for organizations who experience data breaches of user information - even if that data is scrambled - to force-reset passwords to prevent malicious access to customer accounts, it's unclear why Plex chose not to take this approach. Plex has said little else about the breach, though it did say that the company "addressed the method that this third party used to gain access to the system." Plex did not specify more details, or what the risks to its customers may be."
Plex acknowledged theft of customer account information including usernames, email addresses, scrambled passwords, and unspecified authentication data. The scrambled passwords were unreadable to humans, but it remains unclear whether they can be deciphered or whether the authentication data can be used to access accounts. Plex urged customers to change passwords via its reset form and to sign out connected devices. Plex said it addressed the method used by a third party to gain access but provided few further details. The number of affected customers, the breach timeline, the duration of access, and whether ransom demands were made remain unknown.
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]