Streaming platform Plex is warning some users to reset their passwords after suffering yet another breach.
The popular media server provider, which people definitely use only for legitimately downloaded content, said in an email to customers, seen by The Register, that emails, usernames, and securely-hashed passwords were potentially stolen.
“Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party,” the email reads.
“Out of an abundance of caution, we recommend you immediately reset your password by visiting https://plex.tv/reset. Rest assured that we do not store credit card data on our servers, so this information was not compromised in this incident.”
The notification may leave longtime Plex customers with a sense of déjà vu, given that its previous unauthorized intrusions in 2022 and 2015 both involved the theft of hashed passwords.
According to HaveIBeenPwned, the 2015 breach, which exposed more than 327,000 accounts, was especially concerning because of the weak implementation of salted hashes, one that left passwords open to rapid cracking.
The full details of the latest attack were not revealed, such as the number of accounts affected, but the same data types were affected as in the 2022 incident.
Plex said it believes that the impact of the breach is “limited,” and that it has already addressed the method the attacker used to break into its database.
The email added: “We’re undergoing additional reviews to ensure that the security of all of our systems is further hardened to prevent future attacks.”
- Plex gives fans a privacy complex after sharing viewing habits with friends by default
- Attacker snags account details from streaming service Plex
- Plex plucks media cloud service, sends users scurrying to exit
- Hacker plunders Plex, demands bitcoin payoff to avert FULL EXPOSURE
Customers were promp