Media streaming platform Plex has been hacked along with user passwords and personal data theft (opens in new tab), the company has confirmed.
Plex sent its users an email notification explaining the situation, and asking them to change the password as soon as possible.
The email noted that a "limited subset" of accounts were compromised, but that the stolen data was "hashed and secured in accordance with best practices."
plex password
No further details were provided, including how the breach occurred, how many users were affected, or whether the passwords were salted.
The only thing we know is that the payment data wasn't stolen, as Plex says it doesn't keep that kind of data around, and that any hole the threat actor crawls through can be was patched. Plex has "already addressed the method that this third party employed to gain access to the system," it said.
It is also notable that users were "kindly requested" to change their passwords, suggesting that the update is not mandatory. Even though people rushed to change their login credentials, many couldn't, as Plex's servers collapsed due to the increased traffic.
This isn't the first time Plex's cyber security issues have made headlines. In early 2021, it was revealed that DDoS-for-hire services were taking advantage of some security flaws in Plex Media Server systems as a UDP reflection/amplification vector in DDoS attacks.
This isn't the first time Plex's cyber security issues have made headlines. In early 2021, it was revealed that DDoS-for-hire services were taking advantage of some security flaws in Plex Media Server systems as a UDP reflection/amplification vector in DDoS attacks.
The company responded quickly to the news, releasing a software patch that fixed the problem.
