Everything we know about the Plex data breach so far

(Image credit: Getty Images)

The Plex streaming platform had told customers to reset their passwords following a data breach.

In an advisory, the company said users should also sign out of any connected devices that are currently logged in and enable two-factor authentication if they haven’t already.

"An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included device type, emails, user names and authentication data," it said.

"We’ve already addressed the method that this third party used to gain access to the system, and we’re undergoing additional reviews to ensure that the security of all of our systems is further strengthened to prevent future attacks."

Plex also said that any account passwords accessed were securely-hashed, and couldn't be read by a third party. It added that credit card data wasn't stored on its servers and was therefore secure.

Who is responsible for the Plex data breach?

No group has claimed responsibility for the attack thus far. While it's not known how many people may have been affected, the company has around 25 million users around the world.

Kev Breen, senior director of cyber threat intelligence at Immersive, said this makes Plex – and other streaming services – an attractive target.

“The infrastructure of streaming platforms often includes cloud storage, content delivery networks, APIs, and user-facing apps. This complex infrastructure creates multiple entry points for attackers to exploit," Breen commented.

"As well as personally identifiable information, streaming platforms also store data on user preferences, meaning attackers can develop more targeted social engineering campaigns. Such data is likely to be leveraged by cyber criminals to extort money from Plex, as well as for identity theft and phishing campaigns.

Plex has previous

This isn't the first time that Plex has experienced a data breach. Back in 2015, threat actors gained access to the company's forum and blog server, exposing IP addresses, private messages, emails, and encrypted forum passwords.

Similarly, in 2022 the company warned customers of a breach after a database containing account information such as usernames and passwords was compromised.

Its message to users was uncannily similar to those being received by customers today. On that occasion, though, the company's servers struggled to cope with the large volume of password reset requests being made.

Breen warned that it's not just home users that need to take the warning seriously.

"Plex is unlikely to be used in an enterprise setting; however, people often re-use passwords or follow patterns when creating them. This means that a user affected at home could also have an impact on organizations," he said.

"Business leaders must be able to demonstrate cyber capabilities across their workforce through regular exercises, and improve them through targeted skills development.”

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.