Another day, another example of people with nothing better to do than try and steal other people's information.
Plex, the popular home media software, has declared it suffered a security incident that has affected some of its users account information.
While they say that passwords are securely hashed and the impact is limited, it's still prudent for its users to change their password at the very least.
Here's the outline of what happened via the Plex support forums:
"We have recently experienced a security incident that may potentially involve your Plex account information. We believe the actual impact of this incident is limited; however, action is required from you to ensure your account remains secure.
An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords and authentication data.
Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party. Out of an abundance of caution, we recommend you take some additional steps to secure your account (see details below). Rest assured that we do not store credit card data on our servers, so this information was not compromised in this incident."
Plex goes on to say that the issue that allowed the unauthorized access has been addressed and that the teams are reviewing and strengthening other systems to ensure they're protected.
What users need to do now, first of all, is to change their passwords. And, if you don't have 2FA enabled, you should definitely go ahead and do that. Wherever it's available, always use it.
If you use a password to login, then you'll need to reset it. If you use single sign-on to login, you'll need to go into your account settings and sign out of all devices. The support link above walks you through everything you need to get this done.
Additionally, Plex has reiterated that it does not store credit card information on its servers, so no payment information has been affected by the breach.
It's inconvenient, but it's always prudent to take action when such breaches occur on services you use. At least it seems that Plex has been proactive and timely in addressing both the breach and informing its customers, so hopefully there's no real harm done to any users.
It's a timely reminder, too, to ensure you're keeping your accounts healthy for any type of online service. Don't stick with passwords too long, make sure they're complex (and use a password manager to help with those) and never click on any shady emails that look like they're from the company.
