Plex users are prompted to reset their passwords as soon as possible after the popular media platform found out that a bad actor had gained access to one of its internal systems, according to Engadget.
Plex warned users of the issue and asked them to change their passwords "out of an abundance of caution," as per MacRumors.
Plex Launches an Investigation Following the Discovery of Suspicious Activity
According to Plex, an investigation was immediately launched after it observed a suspicious activity in one of its databases.
The digital media player and streaming service company said that it appears that a third-party entity obtained access to a "subset of its data." The said third party entity gained access to people's emails, usernames and encrypted passwords.
Plex said in a message to all users that it discovered a "suspicious activity" on one of its databases on Tuesday. Upon such discovery, the company was able to confirm that a hacker had been able to acquire "a limited subset of data."
"Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords," Plex said in an email.
According to the company, all account passwords that were potentially accessed were secured following the best practices. However, "out of an abundance of caution," they are still asking all Plex accounts to have their passwords reset.
Meanwhile, Plex assured the users that credit card and other payment data are not kept in their servers. Thus, these data were not vulnerable to this hacking incident.
When resetting account password, Plex is requesting users to put a tick on the checkbox "Sign out connected devices after password change."
According to MacRumors, ticking the checkbox will sign out all devices, including Plex Media Servers. Afterward, users will be required to sign back in using their new password.
The company is also recommending that users enable two-factor authentication on their Plex account.
Read Also: Plex Solves Problem of Having Too Many Different Streaming Apps
Plex Already Addressed the Method Used to Infiltrate Its System
According to Engadget, Troy Hunt of Have I Been Pwned noted in his tweet that he, too was affected. In his tweet, he said that people can't do anything to be exempt from service hacks.
However, a user can use a password generator and two-factor authentication to make the impact of hacking less severe.
According to Hunt, he encountered an error while he was trying to reset his passwords. He found that "not signing out existing devices made the switch go through."
The method that the bad actor used in infiltrating its system has been addressed, according to Plex. However, the company did not provide further details regarding the matter.
Plex also promised to conduct reviews to ensure that its systems are "further hardened to prevent future incursions."
The company said that in the future, it will ensure that the security of its systems is strong in order to prevent a similar incident from occurring.
Related Article: Plex Adds New Feature To Replace DVRs, Now Allows TV Recording