Plex imposes password reset after hackers steal data for >15 million users, If you use Plex, you might want to reset your password immediately…
“Yesterday, we discovered suspicious activity on one of our databases,” company officials wrote in an email sent to customers. “We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords.”
The email said that the passwords were “hashed and secured in accordance with best practices,” meaning the passwords were cryptographically scrambled in a way that requires attackers to devote additional resources to crack the hashes and revert them back to their plaintext state. A Plex spokesperson said that the passwords were hashed using bcrypt, among the strongest algorithms for protecting passwords. bcrypt automatically applies what’s known as cryptographic salting and peppering to make cracking harder.
The company is nonetheless requiring all customers to reset their passwords. Step-by-step instructions are here. For good measure, the company advises signing out of all connected devices after the password change and then logging back in.
The email also said that no payment card details were stored in the database that was accessed and therefore aren’t affected by the breach.
Multiple people reported having trouble logging in to their accounts on Wednesday morning. Security researcher Troy Hunt posted a screenshot of errors he received when trying to log in to his account.
Two Ars staffers said they, too, initially had trouble accessing their accounts but eventually succeeded. A third person connected to Ars reported resetting his password and receiving an email from Plex immediately afterward instructing him to once again reset his password. The email sent him in a loop when he could not log in with the new password.
Plex is a major provider of media streaming services that allow users to stream movies and audio, play games, and access their own content hosted on home or on-premises media servers. The Plex spokesperson said the company has more than 30 million registered users and that the majority of them were affected by the breach.
Wednesday’s notification said that company officials have already uncovered the means the intruders used to gain access to the database and have fixed it. Engineers continue to do additional reviews to prevent similar breaches from occurring again.
Plex imposes password reset after hackers steal data
The email stated that the passwords were “hashed and protected according to best practices,” meaning that the passwords were cryptographically encrypted in such a way that attackers must dedicate additional resources to cracking the hashes and reverting them back to their original state. A Plex spokesperson said the passwords were hashed using bcrypt, one of the most secure password protection algorithms. bcrypt automatically applies what’s called cryptographic salt and pepper to make it harder to crack.
However, the company requires all customers to reset their passwords. Step by step instructions here. Just in case, the company recommends logging out of all connected devices after changing the password and then logging back in.
The email also stated that the payment card details were not stored in the database that was accessed and therefore was not affected by the hack.
Several people reported problems logging into their accounts on Wednesday morning. Security researcher Troy Hunt publish screenshot of the errors he got when trying to log into his account.
Two Ars employees said they too had trouble accessing their accounts at first, but they eventually succeeded. A third person associated with Ars reported that he reset his password and immediately afterward received an email from Plex asking him to reset his password again. The email got him stuck when he couldn’t login with the new password.
Plex is a major provider of media streaming services that allow users to stream movies and audio, play games, and access their own content hosted on home or local media servers. A Plex spokesperson said the company has over 30 million registered users and that most of them have been hacked.
The notice, received on Wednesday, said that company representatives had already discovered the tools that the attackers used to gain access to the database and fixed them. Engineers continue to conduct additional checks to prevent the recurrence of such violations.
plex server keeps going down
This may have already been answered if it has can someone point me to the fix?
I am running shield tv 9.1.0(220.127.116.11)
plex server 18.104.22.16848
I am having an issue with the plex server. It keeps shutting down after a day or two. I went in and changed the permissions to allow the plex server access to external drive. The only other thing I could think of is something in the chain is going to sleep. I went in and tried to change as much as I could so it did not go into sleep mode. I can’t think of anything else.
These SW updates that NVidia pushes have been so terrible they must pass this stuff onto interns. Some basic validation test would prevent all of this.
My plex is fine. I worry a bit about how you described your troubleshooting when you say you “tried changing as much as I could.” From years of using Tech this is usually not a good idea because you forget what things you changed so you start losing track of what thing is causing what effect to happen.
What I would do if I was having issues like you described is take a few screenshots of all the folder paths and categories you have created. Bite the bullet and uninstall updates for Plex, try to delete the Plex app as much as possible even though it’s installed on the device. You should be able to uninstall all updates and get it back to square one again.
Then install the app and do the updates that are needed to bring it current and just sign in and rebuild the same categories and carefully check your options and understand what you are “changing” so that you are not just aimlessly changing things to change them but actually knowing what is happening with each change.
Unfortunately in the past I had some blocks issues as well but all of it was easily fixed by just reinstalling the Plex updates and redoing my server. Been running fine ever since.
Just plan it carefully, make sure you have all the screenshots of folder paths and directories ready and setting it up again should be pretty fast. Assuming your filenames, folder structure etc are done correctly.
Edit: also something I’ve learned from past experience setting up my own plex servers is be careful how much metadata you throw at the application at any given time. For example if you have a huge music collection or very very large movie or TV collection try adding smaller amounts of folders at once and slowly re add everything so that you do not overwhelm the scanning of metadata. For example just add your music first. Look at the little spinning wheel to confirm it is done scanning, then add your TV, movies, etc. Don’t overwhelm it adding everything at once. Pay attention to details like how fast it is pulling in metadata so that you don’t bog it down unnecessarily etc. Should be a fairly quick and smooth process, but give it time to process what it needs to process metadata wise.