- Plex Led a Data Consideration of E emails, Usernames and Hashede Passwords
- Users are encouraged to change passwords and enable two-factor-approval
- A separate vulnerability in Plex Media Server was patched in August
Popular media server and streaming platform, Plex, warned its users to lose their sensitive data in a cyberattack and encouraged them to update their passwords as a result.
In a forum post published on September 8, Plex said it recently experienced a “limited influence” security event when an unauthorized third party opened a subgroup of customer data.
“While we quickly contained the incident, information included access to E emails, usernames, securely hashed passwords and approval data,” the post reads. Credit cards or other payment data were not accessed as it was not even stored on corporate servers.
Hashed -Thaglot codes are unreadable
The passwords were Hashed “in accordance with best practice,” Plex said further, explaining that the hackers cannot read them. Still, to be on the safe side, the company recommends users log out of all sessions and change all passwords. It also emphasizes that it will never reach out via E email to ask for a password or credit card number, which suggests that miscreans may start sending phishing -attacks to the e -mail accounts they got in the attack.
“For further account protection, we also recommend activating two-factor approval in your PLEX account if you haven’t already done so.”
As a media server and streaming platform, PLEX allows users to gather, organize and stream personal media such as movies, TV shows, music, photos and more on almost any device. It’s pretty popular, with some sources claiming it has more than 25 million active users.
In mid-August of this year, Plex said it patched a mysterious vulnerability that affects its Plex Media Server product and has asked users not to delay the application of the correction. The company received a report via its Bounty program on a potential security problem affecting Plex Media Server versions 1.41.7.x to 1.42.0.x and came shortly afterwards with a patch.
Via Bleeping computer
