Plex is an American streaming media service and a client–server media player platform, made by Plex, Inc. The Plex Media Server organizes video, audio, and photos from a user’s collections and from online services and streams it to the players.
Plex disclosed that a breach was discovered on Tuesday August 24th, Plex Media is yet to reveal what kind of attack has been used towards the organization by the attackers. It is revealed that the hacker had obtained “a small subset of data, including emails, usernames, and encrypted passwords. The number of impacted users was not provided by the media company, which is situated in Los Gatos, California. The majority of registered users, are around 30 million people who were impacted by the August 24 data breach.
The passwords for the affected accounts were hashed and encrypted in accordance with the best practices in the sector. Plex employs salting and the one-way bcrypt hashing technique, according to business representatives. Additionally, Bcrypt creates a special salt for every password, preventing the attacker from figuring out the method used to generate salt. This approach makes produced hashes more complicated, which lengthens the time it takes to crack them and decreases the attacker’s ability to access plain text passwords over the long term. But this only slows down the attackers and stop the whole attack hence the encryption may be decrypted in future.
Plex suggested the users to change the password. While some users have been successful in changing their passwords, others are having trouble getting in again. Many users claim to receive alerts saying “Not authorized” or “You do not have access to this server” for their own servers.
Roger Grimes a well-known Cyber security architect added that attackers could rent password cracking infrastructure on the cloud for $50-$100 and guess trillions of passwords per second. Additionally, user-generated passwords had to be 20 characters long to withstand password cracking. With password reuse, simple passwords, and existing cracked password dictionaries, attackers had a chance of exploiting leaked hashed passwords.
Grimes also suggested changing passwords because “the majority of people’s passwords will fall within just a few hours to maybe a day of guessing. “Step-by-step instructions for the password reset procedure were supplied by Plex. However, a few users reported issues when changing their passwords or authenticating again.
Paradigmit cyber provides services like risk identification, business protection, managed security services, response and recovery.
Best practices to avoid data breach:
- Password hygiene: Each of your online accounts should have a strong, complicated, and unique password. To see if your password is up to snuff, use our password strength tool.
- Software updates: If you don’t update your software as soon as updates are available, then you are making your system vulnerable to breaches.
- Secure file storage: Make sure that you store any sensitive information in encrypted vaults, ideally password protected with advanced authentication to prevent unauthorized access.
- VPNs: VPNs increase your online safety by encrypting your web activity and IP addresses, which makes it harder for hackers to glean any of your online activity.
- Antivirus software: Finally, antivirus software detects malware and viruses by scanning your devices for suspicious behaviors that could lead to data breaches.
Reference :
https://9to5mac.com/2022/08/24/plex-data-breach
https://variety.com/2022/digital/news/plex-data-breach-hacked-user-emails-passwords-1235349295/
https://www.engadget.com/plex-reset-passwords-potential-data-breach-082347517.html
For further clarifications or support, please write to contact@paradigmitcyber.com
