The streaming media service Plex revealed earlier this week, that it had been compromised by hackers who gained access to a confidential database and stole the data of users.
These information to be more specific were the usernames, passwords, and email addresses of at least half of its 30 million users.
They started an investigation right away, and it does seem that a third party was able to access a small fraction of data that includes emails, usernames, and encrypted passwords. In a message to clients, business representatives stated that they had found “strange behavior” on one of their databases the day before:
The passwords were cryptographically scrambled in a way that requires attackers to invest additional resources to decipher the hashes and restore the passwords to their plaintext state, according to the email’s claim that they were “hashed and secured in accordance with best practices.”
According to a Plex representative, the passwords were hashed using bcrypt, one of the most effective password-protection methods. To make breaking more difficult, bcrypt automatically adds cryptographic salting and peppering.
However, the business is requiring all clients to change their passwords. Here are detailed instructions. After changing the password, the business suggests logging out of all connected devices and then logging back in as a precaution.
The email further stated that the incident is unaffected because no credit card information was kept in the database that was accessed.
On Wednesday morning, a number of users reported having issues login into their accounts. Troy Hunt, a security expert, shared a screenshot of the issues he encountered while attempting to enter into his account.
One of the top providers of media streaming services is Plex, which enables users to play games, stream movies and music, and access their own content that is stored on personal or business media servers.
You can search and access all the media that important to you using Plex in one location. You can access everything in one app, on any device, including personal material on your own server, free and on-demand movies and TV series, live TV, podcasts, and online shows, as well as streaming music. The bulk of the company’s more than 30 million registered users, according to the Plex representative, were impacted by the breach.
According to the letter sent out on Wednesday, corporate representatives have already identified the technique the hackers used to access the database and have remedied it. Engineers keep conducting more audits to stop similar breaches from happening again.