Plex Data Breach: Change Your Password Now

Plex Urges Password Changes Following Data Security Incident

Plex, a prominent streaming service provider, is advising its user base to update their passwords. This recommendation follows the disclosure of a data breach impacting one of the company’s user databases.

Details of the Breach

The company announced on Monday that it had become aware of a security incident. This incident involved the unauthorized access and theft of Plex customer account information.

Compromised data included usernames, email addresses, and passwords that were scrambled. Additionally, unspecified authentication data was also accessed.

Password Security Concerns

While Plex states the passwords were scrambled, rendering them unreadable to individuals, the potential for decryption remains unclear. There is also uncertainty regarding whether the stolen authentication data could be exploited to compromise customer accounts.

To mitigate potential risks, Plex is directing customers to change their passwords. This can be done by visiting the company’s password reset form.

Furthermore, Plex is requesting users to sign out of all connected devices as a precautionary measure.

Unusual Response to the Breach

Typically, organizations experiencing data breaches, even involving scrambled data, will enforce a password reset for all users. This proactive step aims to prevent unauthorized account access.

However, Plex has not chosen to implement this approach, a decision that remains unexplained.

Limited Information Released

Plex has released limited details regarding the breach. The company confirmed it has “addressed the method” used by the third party to gain access to its systems.

Specific details about the access method, or the potential risks to customers, were not disclosed.

Lack of Transparency

Plex spokesperson Jessica Finn did not respond to inquiries from TechCrunch prior to publication.

A subsequent email from Finn reiterated the company’s initial post but did not address specific questions concerning the incident.

Hashing Algorithm Details Withheld

When questioned, Plex declined to reveal the specific hashing algorithm used to scramble customer passwords.

The strength and effectiveness of hashing algorithms vary, with weaker algorithms being susceptible to cracking and data decryption.

Scope of the Impact

The number of customers affected by the breach has not been disclosed. Plex reports having approximately 25 million users worldwide.

The timeframe of the breach, the duration of unauthorized access, and whether the incident is confined to Plex’s systems are also currently unknown.

Nature of the Cyberattack

Plex has not yet characterized the nature of the cyberattack. It is also unclear if the company has received any communication from the attackers, such as a ransom demand.

This article has been updated to reflect a post-publication response from Plex.

If you possess additional information regarding the Plex data breach, or were directly notified about it, please contact this reporter securely via encrypted message on Signal at zackwhittaker.1337.