Streaming media platform Plex warns users to reset passwords after data breach
Daryna Antoniuk August 25, 2022

Streaming media platform Plex warns users to reset passwords after data breach

Streaming media platform Plex warns users to reset passwords after data breach

Streaming media platform Plex was hacked on Tuesday, exposing customers’ passwords, email addresses, and usernames.

In an email forwarded to The Record, Plex notified its users of the security breach and advised them to reset their passwords and enable two-factor authentication.

According to Plex, this is just a precaution since all account passwords that could have been accessed by hackers were hashed — converted into unreadable strings of characters that cannot easily be converted back. User passwords on Plex were converted with the “salt and pepper” technique, in which a unique, random string of characters known only to the website is attached to each password before it is hashed.

The company informed its users that it had already identified the cause of the breach and was taking steps to prevent future incidents.

Users were unable to reset their passwords right away, as the Plex server went down allegedly due to overload, according to Troy Hunt, founder of data breach monitoring service Have I Been Pwned.

Plex is one of the largest media streaming apps with more than 25 million registered users, according to its website. The platform offers more than 50,000 free on-demand movies and shows and over 250 free live television channels worldwide.

The company didn’t disclose how many of its users were affected by the breach, nor did it address the issues users were experiencing with its server. According to an email sent out to Plex customers, hackers had accessed “a limited subset of data.” The company assured recipients that credit card and payment data is not stored on its servers.

Plex claimed that “the actual impact of this incident is limited,” but didn’t provide further details. The company has yet to announce the breach on its website and did not respond to requests for more information about the hack.

Daryna Antoniuk is a freelance reporter for The Record based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.