Media streaming platform Plex suffered a data breach where an unauthorized third party accessed a subset of its customer database. The compromised data included email addresses, usernames, and securely hashed passwords, though no payment card information was exposed. While Plex claims the passwords were hashed per best practices, the lack of transparency about the hashing algorithm raises concerns about potential cracking attempts. The company urged users to reset passwords, enable two-factor authentication (2FA), and log out all connected devices to mitigate risks. This marks the second such breach in under a year, with a nearly identical incident occurring in August 2022, where authentication data was similarly exposed. Plex stated it had addressed the breach method but provided no technical details. Customers were advised to remain vigilant against phishing attempts, as the company emphasized it would never request passwords or credit card details via email.
TPRM report: https://www.rankiteo.com/company/plex-inc
"id": "ple5362053090925",
"linkid": "plex-inc",
"type": "Breach",
"date": "8/2022",
"severity": "85",
"impact": "",
"explanation": "Attack with significant impact with customers data leaks: Attack which causes leak of personal information of customers (only if no ransomware)"{'affected_entities': [{'industry': 'Media Streaming',
'name': 'Plex',
'type': 'Private Company'}],
'customer_advisories': 'Direct email notifications sent to users with '
'instructions for password resets and security '
'measures.',
'data_breach': {'data_encryption': 'Partially (passwords were hashed; '
'algorithm undisclosed)',
'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'Moderate (personally identifiable '
'information but no financial data)',
'type_of_data_compromised': ['Email addresses',
'Usernames',
'Securely hashed passwords',
'Authentication data']},
'description': 'Media streaming platform Plex suffered a data breach in which '
'a hacker stole customer authentication data from one of its '
'databases. The exposed data includes email addresses, '
'usernames, and securely hashed passwords. Plex has advised '
'users to reset passwords and enable two-factor authentication '
'(2FA). No payment card information was compromised, as it is '
"not stored on Plex's servers. The company has addressed the "
'breach method but did not disclose technical details. This '
'marks the second such incident for Plex in under a year, '
'following a similar breach in August 2022.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'repeated breaches (second incident in '
'under a year)',
'data_compromised': ['Email addresses',
'Usernames',
'Securely hashed passwords',
'Authentication data'],
'identity_theft_risk': 'Low (passwords were hashed, but risk of '
'cracking attempts exists)',
'payment_information_risk': 'None (payment card information not '
'stored or exposed)',
'systems_affected': ['Database containing customer authentication '
'data']},
'initial_access_broker': {'high_value_targets': ['Customer authentication '
'database']},
'investigation_status': 'Ongoing (Plex has addressed the breach method but '
'not disclosed technical details; BleepingComputer '
'awaiting further updates)',
'post_incident_analysis': {'corrective_actions': ['Addressed the method used '
'to breach the server '
'(details undisclosed)']},
'recommendations': ['Users should reset passwords immediately and enable 2FA.',
'Users should sign out connected devices post-password '
'reset to prevent unauthorized access.',
'SSO users should log out of all active sessions via '
'Plex’s security page.',
'Companies should disclose hashing algorithms used to '
'build trust and allow users to assess risk.',
'Regular security audits and penetration testing should '
'be conducted to prevent recurrent breaches.'],
'references': [{'source': 'BleepingComputer',
'url': 'https://www.bleepingcomputer.com/news/security/plex-warns-users-to-reset-passwords-after-data-breach/'}],
'response': {'communication_strategy': ['Public breach notification',
'Direct user advisories via email',
'Media outreach (e.g., '
'BleepingComputer)'],
'containment_measures': ['Isolated the affected database',
'Addressed the breach method'],
'incident_response_plan_activated': True,
'remediation_measures': ['Advised users to reset passwords',
'Recommended enabling two-factor '
'authentication (2FA)',
'Recommended signing out connected '
'devices post-password reset',
'Recommended logging out of all active '
'SSO sessions']},
'stakeholder_advisories': 'Users advised to reset passwords, enable 2FA, and '
'log out of active sessions.',
'title': 'Plex Data Breach Exposes Customer Authentication Data',
'type': ['Data Breach', 'Unauthorized Access']}