As the company announced in an email to its users on August 24, 2022, unknown people probably had access to access data and customer information.
Users should reset passwords immediately
Unknown people had access to user names, email addresses and encrypted passwords, but not credit card or other payment details. Plex still asks its users to set a new password the next time they log in . To be on the safe side, you should also check the box to disconnect all currently logged in devices. Specifically, the email states: “This will additionally log out all of your devices (including any Plex Media Servers you own) and require you to log back in with your new password. This is tedious, but we recommend it for greater security.”
Attack route already closed
Plex has already closed the attack route and is currently examining further protective measures. If you need help resetting your password, Plex recommends taking a look at this Plex support entry . In addition, Plex users are also asked to activate two-factor authentication to protect their account. How this works is explained in this support article . This doesn't help against break-ins and data theft, but it does make access more difficult for attackers. Two-step authentication (also called two-step verification or two-factor authentication) is an additional security measure to protect a user account and should generally always be set up. We have described how this works HERE .
Plex users should be careful with emails in the future, as attackers could use the captured email addresses for phishing . Additionally, Plex mentions that Plex will never ask you for a password or credit card number via email.
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )