Ars Technica reports that at least 15 million of Plex's 30 million subscribers had their usernames, emails, and encrypted passwords, but not payment card details, compromised following a data breach that impacted the streaming media platform's proprietary database.
In breach notification letters sent to customers, Plex emphasized that it had implemented password hashing that would require additional resources for attackers to convert to plaintext, with a company spokesperson noting that bcrypt had been used for hashing.
However, all customers have still been required to reset their passwords, as well as sign out from all connected devices following the password reset before returning to the platform. While various subscribers, including security researcher Troy Hunt, reported experiencing problems logging in their Plex accounts yesterday morning, Plex said that officials have already addressed the security weakness that enabled database compromise.
Further system review is also being conducted by company engineers to curb such breaches in the future, according to Plex.
Related Terms
Attack VectorAuthenticityChallenge-Handshake Authentication Protocol (CHAP)CiphertextCryptanalysisCryptographic Hash FunctionsData AggregationDecryptionIdentity TheftInference AttackGet daily email updates
SC Media's daily must-read of the most current and pressing daily news