Plex informed its subscribers of the security issue and instructed them to update their passwords and enable two-factor authentication in an email shared to The Record.
Tuesday’s attack of the streaming media service Plex resulted in the disclosure of usernames, passwords, and email addresses of users.
The business let its customers know that it had found the source of the breach and was taking precautions to avoid it happening again.
Plex claims that this is merely a precaution since all passwords for accounts that could have been acquired by hackers were hashed, or changed into incomprehensible strings of characters that are difficult to change back. The “salt and pepper” method, in which each password is prefixed with a special, random string of characters known only to the website, was used to transform user passwords on Plex.
According to its website, Plex is one of the most popular media streaming apps with more than 25 million registered users. Over 250 free live television stations are available worldwide on the site, along with more than 50,000 free on-demand movies and television series.
According to Troy Hunt, creator of data breach monitoring firm Have I Been Pwned, users were unable to immediately reset their credentials since the Plex server crashed purportedly due to overload.
The business didn’t mention how many of its customers were impacted by the breach or what problems customers were having with its server. Customers of Plex received an email stating that hackers had accessed “a restricted fraction of data.” Receivers were reassured by the business that no credit card or payment information was kept on its servers.
Without going into more information, Plex stated that “the actual impact of this incident is limited.” The business has not yet made the breach public on its website, and inquiries for more information about the incident were not answered.