Plex Issues Urgent Warning To Reset Passwords After Another Data Breach
In a post on its community forums, the company says that “an unauthorized third party accessed a limited subset of customer data from one of our databases.” The information accessed includes usernames, e-mails, authentication data and passwords. The passwords do at least seem to have been securely hashed, which should make it more difficult for attackers to access them. However, even with this security measure, users should update their passwords as soon as possible.
The method the attackers used to get into Plex’s systems has been addressed, and the company is “undergoing additional reviews to ensure that the security of all of our systems is further strengthened to prevent future attacks.” Although longtime users will likely take this statement with a grain of salt because this recent breach is so reminiscent of the one that took place three years ago.
Plex has provided helpful instructions on how users can reset their password in the forum post, which includes an option that ensures all devices using the old password are signed out. That means having to deal with the inconvenience of singing all of the devices back in, but at least you won’t need to sign out of them all one by one.
For those of you running your own server, you might be surprised to see your media isn’t available after the password change. There’s no need to panic, though. Simply head over to your server settings, go to “General,” and you’ll see a button labeled “claim server.” Click on this button and everything will begin working again.
Hopefully the team at Plex can use the lessons of this breach to better harden their infrastructure.
