Streaming Giant Plex is urging customers to change their passwords after revealing a data breach in one of their user databases.
In a post Monday, the company said it is aware of security incidents related to theft of PLEX customer account information, including username, email address, scramble password and unspecified authentication data.
It is unclear whether Plex can crack the password while it is scrambled in a human-free way, or if it can access the customer account using stolen authentication data.
The company has said that customers need to access Plex’s password reset form and change their password. Plex asks users to sign out of connected devices.
Although it is common for organizations experiencing data breaches of user information to force reset passwords to prevent malicious access to customer accounts, even if the data is scrambled, it is unclear why Plex chose not to take this approach.
Plex said little else about the violation, but the company said it “addressed the method this third party used to gain access to the system.” Plex did not specify details or what the risk to the customer was.
When contacted by email, Plex spokesman Jessica Finn did not provide a response to TechCrunch on a per press time basis. In a later email, Finn provided a statement that repeated the company’s posts but did not answer specific questions about the case.
Plex also says that when asked, he is not asked what specific hash algorithm the company uses to scramble a customer’s password. Hashing algorithms can vary depending on strength and effectiveness, and some weak algorithms can be cracked to decipher the scrambled data.
The company did not say how many customers would be affected. According to the website, Plex has around 25 million users worldwide. It’s also not known when the violation occurred, how long the hackers will have access, when Plex discovers the violation, or whether the incident is limited to Plex’s own system.
Plex has yet to explain the nature of cyberattacks. Or if you are contacted by a hacker, such as whether demand for ransom has been created.
Updated to note post-publishing responses from PLEX.
Do you know more about Plex data breaches? Have you been notified of the violation? Please contact this reporter securely via a message encrypted with Zackwhittaker.1337.
Source link
