Threat Watch

Media Streaming Platform Plex Suffers Data Breach

On August 24th, 2022, Plex sent a subset of its users a notification of an incident that occurred on August 23rd, where they discovered suspicious activity on one of their databases. Plex noted that the attacker, who is unknown at this time, was able to access a limited subset of data, including emails, usernames, and “encrypted” passwords. No credit card or other payment data was stolen in this incident. Plex goes on to note that while all passwords were hashed and secured in accordance with best practices, all affected users should change their passwords out of an abundance of caution.

While Plex has advised users affected by this breach to reset their passwords, the password reset isn’t enforced via automatic sign-outs. Additionally, users are still able to log in with their old credentials without a prompt to change their password upon logging in. The true impact of this breach is unclear at this time, with some users reporting that the problem doesn’t seem to impact free accounts, but this claim is not yet verified at the time of writing. Further, in the early hours of August 24th, the Plex.tv website experienced an outage – it is unknown if this outage is related to the unauthorized database access, a separate DDoS attack, or something else entirely.

ANALYST NOTES

This data breach highlights the need for two things: multifactor authentications and randomly generated passwords stored in a password manager. By enabling multifactor authentication, a user would prevent their Plex account from being breached, where further information such as a first/last name or other PII could likely be obtained. By using randomly generated passwords in a password manager, a user would be unlikely to reuse the same password for other accounts, preventing additional account compromise if the attacker was to try the same credentials on different sites.

https://www.bleepingcomputer.com/news/security/plex-warns-users-to-reset-passwords-after-a-data-breach/

https://www.bleepstatic.com/images/news/u/1220909/Security/plex-letter.jpg