Media streaming app and server Plex is urging all users to change their passwords immediately after a “potential data breach” stemming from a hack of its systems. The team said it detected suspicious activity in one of its databases on Tuesday, which included usernames, emails and encrypted passwords accessed by unknown hackers.
Soon after the email was sent to users warning them to change their passwords, the Plex.tv website crashed, possibly under the weight of the number of people trying to change their login details.
Technical monitor contacted Plex about the cause of the site being down, prompting some users to take to Twitter to complain that once they log out of all devices, they can’t get back in because the site is down.
Plex is one of the most popular self-hosted video platforms on the market. It is a client-server media player that allows users to access photos, video and audio from their own collection, which can be stored on Windows, macOS, Linux or on a dedicated device such as a network attached storage device and a digital media player.
The primary interface for accessing these devices is an app available on a desktop computer, mobile device, and most smart TVs and media devices. Users can then view video, audio and photos on multiple devices simultaneously. More recently, the service began providing other free TV and movie streaming platforms within the Plex interface.
In an email sent to users affected by the data breach, Plex wrote: “While we believe the actual impact of this incident is limited, we want to ensure you have the correct information and tools to keep your account secure.”
The streaming service launched an investigation soon after noticing the unusual activity and found that the hacker had obtained a “limited subset of data” and although passwords were “hashed and secured in accordance with best practices”, it is recommending that users change passwords .
The company says no payment data was stolen because it is not stored on Plex servers and as such “is not vulnerable in this incident.”
Content from our partners
Plex hack: security check continues
Plex says it has looked into the method used to access its databases and is conducting further reviews “to ensure that the security of all our systems is further strengthened to prevent future intrusions”.
“In short, we kindly ask that you immediately reset your Plex account password,” Plex said in an email. He also urged users to check the box to log out of all devices, adding that “it’s a headache, but we recommend doing so for added security.”
“We sincerely apologize for the inconvenience this situation may cause. We are proud of our security system and want to assure you that we are doing everything we can to quickly fix this incident and prevent future incidents from occurring.
“We are aware that third parties will continue to attempt to penetrate IT infrastructures around the world, and rest assured that we at Plex will never be complacent in strengthening our security and defenses.”
Jake Moore, global security advisor at security provider ESET, praised Plex for taking swift action to alert users to the data breach. He said Technical monitor: “Plex has refreshingly enforced a password reset for all accounts and let all users know what they need to do now.
“The consequences of most data breaches are rarely open and transparent, but this one seems to be bucking the norm and offering customers what they need. Once data is exfiltrated, users should be notified immediately in case it puts other accounts at risk, but so often we see companies keep this information from their customers until they do, which is often too late.