Plex Urges 15 million Users to Change Passwords due to Hacker Attack

Plex urges to change passwords
Written by Carina Wilson

Streaming media platform Plex has reported a hack and urges millions of its users to change their passwords urgently.

During the attack, the attackers managed to gain access to the database and steal data, usernames and email addresses belonging to at least 15 million people.

Let me remind you that we also wrote that Attackers Stole Credentials from Twilio Employees and Eventually Hacked the Company.

Letters that the administration of Plex sent out to users reported that the attackers were able to gain access to a “limited subset” of accounts.

However, the company encourages all users to change their passwords as soon as possible. However, Plex does not force password resets, and when you try to log in with old credentials, you are not prompted to reset your password. Everything will have to be done manually, and after changing the password, it is recommended to log out of all connected devices, and then log in again.

Rest assured that credit cards and other payment details are not stored on our servers at all and were not affected in this incident.

Also, Plex VP of Engineering Schuyler Ullman told TechCrunch that user account passwords are hashed (essentially encrypted so that it is impossible for a human to read and decrypt them) using the stronger bcrypt algorithm and further protected by cryptographic concepts known as salting and peppering. This makes it much harder for attackers to decrypt stolen passwords.

The Plex developers claim that they have already determined how outsiders were able to access the database and fixed the problem. However, the company does not disclose any details about the attack and the measures taken after it.

We have already reviewed the method that the third party used to gain access to the system, and we are conducting additional checks to ensure that we further harden the security of all our systems to prevent future intrusions. While account passwords have been secured according to best practices, we require all Plex users to reset their password.Plex recommends.

Interestingly, the plex.tv website has been down for quite some time, and it is not entirely clear whether this was due to unauthorized access to the database or the platform was subjected to a separate DDoS attack. Some users believe that the servers simply could not withstand the influx of people wanting to change the password.

About the author

Carina Wilson

With over 10 years' experience of writing for online and print media, I'm an expert in delivering clear and compelling copy.

I've written for a leading SEO copywriting agency as well as writing for some of the UK’s best known brands, magazines and newspapers.

Leave a Comment