Plex breach discloses Emails, Usernames, and Encrypted Passwords

Streaming media platform Plex mailed out an email to its customers earlier today informing them of a protection breach that may have compromised account information, including email addresses, usernames, and passwords.

Although there is no signal that the encrypted passwords were revealed, Plex recommends all users change their passwords immediately.

Plex is one of the biggest media server apps available. Around 20 million people employ it to stream audio, video, and photos they upload themselves, in addition to an increasing assortment of content the service provides paid subscribers.

The email declares, “Yesterday, we located suspicious activity on one of our databases. We instantly began an investigation, and it does appear that a third-party was able to access a limited subset of data that incorporates emails, usernames, and encrypted passwords.” However, there is no confirmation that other personal account data has been compromised, and there’s no remark of private media libraries having been accessed in the breach.

Plex comforts customers that “all account passwords that could have been accessed were hashed and attached following best practices.” Financial information also seems safe despite the breach. The email states, “credit card and other payment data are not kept on our servers and were not vulnerable in this incident.”

The cause of the breach has been found, and Plex has taken action to prevent others from taking advantage of the same security flaw. “We’ve already addressed the method this third-party employed to access the system. In addition, we’re doing additional reviews to ensure that our systems’ security is further hardened to prevent future incursions.”

If you have a Plex account, you should take steps to secure it immediately following these instructions provided by the company. You should also enable 2-factor authentication if you haven’t already. Plex puts the Two-Factor Authentication option under your Account page.

It would also help if you used a free or paid password manager to manage unique, easy, difficult-to-guess passwords and 2fa codes across all your apps, services, and sites. Web browsers like Microsoft Edge, Google Chrome, and Safari have decent built-in options, though dedicated services are also available from Bitwarden, 1Password, and Lastpass. In addition, some password managers will alert you to passwords breached online and autofill passwords when prompted by apps and websites on your desktop and phone.

Plex is an American streaming media assistance and a client-server media player platform created by Plex, Inc. The Plex Media Server contains video, audio, and photos from a user’s collections and online services and rushes them to the players. The official clients and unofficial third-party clients drive on smart TVs, mobile devices, streaming boxes, and web apps.

It was still employed on the Media Server browser interface until before August of the same year.

Plex started as a freeware hobby project in December 2007 when developer Elan Feingold created a media center application for his Apple Mac. Then, he ported the media player XBMC to Mac OS X. Around the exact time, Cayce Ullman and Scott Olechowski—software administrators who had recently sold their previous company to Cisco. They also looked to port XBMC to OS X and witnessed Feingold’s progress thru XBMC online forums. They contacted him and supported and funding, incorporating a three-person team in January 2008.

The team released early interpretations of the port, OSXBMC, intended for full integration into Mac OS X. The developers restarted collaborating with the Linux-based XBMC project until May 21, 2008. Due to different goals and visions from the XBMC team, they soon forked the regulation to become Plex and broadcasted it on GitHub. The OSXBMC code was held approximately in sync with the upstream XBMC code.

In December 2009, Plex Inc. was established with Ullman as CEO and Feingold as CTO. At that time, Plex contained 130 apps, the most prevalent of which were viewers for Hulu, Netflix, MTV Music Videos, Apple Movies Trailers, YouTube, BBC iPlayer, and Vimeo. Feingold stated Plex apps had been downloaded nearly one million times. As of July 2016, Plex had 65 employees.

In December 2019, Plex, Inc. declared ad-supported video on demand (AVOD) of movies and TV shows available globally to Plex free accounts from publishers, including MGM, Lionsgate, Warner Bros. Domestic Television Distribution, and Legendary. It had about 100 global employees as of August 2019. Plex is a media player strategy with a client-server model. Plex Media Server stores, organize, and streams all content, while the clients are the playback applications running on various devices and web browsers.

Plex Media Server is the back-end component, free of charge. It can formulate content from files, iPhoto, Aperture, iTunes, or the Internet and automatically categorize them by metadata tags such as album, genre, title, artist, year, and popularity. It includes audio and visual content from personal media libraries and streams it to the player on the same gadget or over a network. PMS can drive on macOS, Linux, Windows, FreeBSD, NAS devices, or on Nvidia Shield TV.

The front-end player apps are Plex Web App, Plexamp, Plex, and Plex Dash. They permit the user to manipulate and play all content from the Plex Media Server. Most apps are free of expense. The Plex app is the beneficiary of the Plex Media Player. It runs on many platforms: Amazon Appstore, Android, Chromecast, Roku, iOS, PlayStation, Apple TV, Android TV, Sonos, Oculus Go, webOS, Tizen, Windows, Xbox, and macOS.

Free Plex accounts can share personal media libraries among a user’s collection of devices or friends and access Plex, Inc.’s content library of ad-supported video on demand (AVOD) and free-to-stream live TV channels. The publishing partners have included Tidal, Warner Bros. Television Studios, MGM, Lionsgate, Legendary, Crackle, and Endemol Shine. Plex Pass is the optional paid-subscription service including mobile synchronization, metadata fetching for music, multi-user support, parental controls, OTA live TV and DVR, trailers, extras, and cross-selling offers.