The streaming media service Plex revealed on Wednesday that it had been compromised by hackers who gained access to a confidential database and stole the usernames, passwords, and email addresses of at least half of its 30 million users.
The numbers were cryptographically jumbled in a way that requires attackers to invest additional resources to decipher the hashes and restore the passwords to their plaintext state, according to the email’s claim that they were “hashed and secured.”
However, the business is requiring all clients to change their passwords. Here are detailed instructions. After changing the password, the business suggests logging out of all connected devices and then logging back in as a precaution.
Plex Assures Users That Their Data Is Safe
The email further stated that the incident is unaffected because no credit card information was kept in the database that was accessed.
On Wednesday morning, several users reported having issues login into their accounts. Troy Hunt, a security expert, shared a screenshot of the issues he encountered while attempting to enter into his account. Two employees of Ars claimed that while having problems at first, they were eventually able to access their accounts. A third user linked to Ars said that after changing his password, Plex instantly sent him an email telling him to change it again.
When he was unable to log in with the new password, the email put him in a loop. One of the top providers of media streaming services is Plex, which enables users to play games, stream movies and music, and access their content that is stored on personal or business media servers. The bulk of the company’s more than 30 million registered users, according to the Plex representative, were impacted by the breach.
According to the letter sent out on Wednesday, corporate representatives have already identified the technique the hackers used to access the database and have remedied it. Engineers keep conducting more audits to stop similar breaches from happening again.