The popular home media server service Plex suffered a data breach urging its users to reset their passwords.
The popular home media server service Plex suffered a data breach urging its users to reset their passwords.
Exposed data included usernames, emails and encrypted passwords. In response to the unauthorized access to its database, the company urges all its users to immediately reset account passwords and log out of all devices connected to its service.
According to the company, financial and payment data were not compromised as it is not stored on its servers. Plex also recommends enabling two-factor authentication for its users.
On Wednesday morning, many users reported experiencing issues while attempting to log in to their accounts.
“A number of users report getting “Not authorized” or “You do not have access to this server” messages for their own servers. Some report success when logging in and claiming the server again, though others have had no luck with this.” reported the website 9to5mac. “Plex has not arranged sufficient additional bandwidth to cope with the flurry of password change attempts. Additionally, the password reset page asks for the new password before the existing one, which is unexpected and may account for some of the failures.”
The company has been sending out emails to alert users to inform them what has happened and what they should do next.
A Plex representative told Ars Technica that user passwords were hashed using bcrypt, one of the most effective password-protection algorithms, which automatically adds cryptographic salting and peppering to make cracking more difficult.
The company said it has discovered how the databases were accessed and have taken measures to prevent such an incident from happening again. Further security measures would be considered after an assessment is completed.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?