Security incident at Plex: User data stolen from media server provider
Unknown attackers have stolen data from Plex users. They must now react quickly and also reset the connection to their media servers.
(Image: Shutterstock.com/pixinoo)
Cyber criminals have stolen user data from the manufacturer of the Plex media server. Plex Incorporated informed its customers of this by email. The attackers had accessed a “limited subset” of data from a customer database without authorization. All Plex users are now called upon to change their passwords and reconnect media servers.
According to the Plex team, email addresses, usernames, and password hashes have been lost. The latter have been hashed “in accordance with recognized practices” and are therefore unreadable by attackers. Credit card data was not affected, the Plex operators assure us. The incident was quickly contained and the security gap closed –, but the data outflow could not be prevented.
Users of the self-hosted media server should change their password immediately and also decouple all connected devices from their account. This impacts all playback devices (such as smartphones, tablets, or smart TVs), but also the media server itself, which must then be re-linked to the account (“claimed” in Plex jargon). The Plex team apologizes for the extra work but justifies it with the increased account security. They also advise their customers to activate two-factor authentication.
Videos by heise
Danger of phishing and stress in the forum
As the criminals have captured the usernames and email addresses of Plex customers, they can now write very realistic-looking phishing emails. The security notice warns of this danger and points out that neither passwords nor payment details should be requested by e-mail.
Shortly after the announcement, the manufacturer's help forums and the Plex subreddit saw an increase in inquiries from stressed customers. Several of those affected were no longer able to access their media server after the password change, often due to peculiarities with container-based or NAS installations. Anyone experiencing similar difficulties after changing their password should first consult the support article and forum posts such as this one and this one.
Empfohlener redaktioneller Inhalt
Mit Ihrer Zustimmung wird hier ein externes YouTube-Video (Google Ireland Limited) geladen.
Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (Google Ireland Limited) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.
In recent months, users of the popular media server have not had an easy time of it. First, Plex put off some customers by changing its business model, and then there was a security vulnerability in the server software in August. The uninvited visit to the Plex customer database is also not an isolated incident: criminals copied user data back in 2022 and cracked the Plex forum ten years ago.
(cku)
