Digital Eliteboard - Das Digitale Technik Forum

Registriere dich noch heute kostenloses um Mitglied zu werden! Sobald du angemeldet bist, kannst du auf unserer Seite aktiv teilnehmen, indem du deine eigenen Themen und Beiträge erstellst und dich über deinen eigenen Posteingang mit anderen Mitgliedern unterhalten kannst! Zudem bekommst du Zutritt zu Bereiche, welche für Gäste verwehrt bleiben

Hardware & Software Plex fordert User zum Passwort reset auf - Data breach

The Plex media streaming platform is sending password reset notices to many of its users in response to discovering unauthorized access to one of its databases.
According to the letter that a reader shared with BleepingComputer, the intruder potentially accessed a limited subset of data, including email addresses, usernames, and encrypted passwords.

"Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution, we are requiring all Plex accounts to have their password reset,"
Du musst dich Anmelden oder Registrieren um diesen link zusehen!
.

"Rest assured that credit card and other payment data are not stored on our servers at all, and were not vulnerable at this incident".
Plex claims that it has identified the means by which the third-party accessed the database and addressed the problem to harden its systems and prevent similar incidents from re-occurring in the future.
Troy Hunt, creator of data breach monitoring service '
Du musst dich Anmelden oder Registrieren um diesen link zusehen!
' also found himself among the impacted users.


Troy Hunt among the impacted users


Unclear impact​

At this time, the impact of the incident and the password reset action hasn't been specified by Plex, but the internet company characterized it as "limited".
BleepingComputer has contacted Plex requesting more information on that front, and we will update this post as soon as we hear back from the firm.
Some user reports indicate that the problem doesn't impact free accounts, so it may be that only paying accounts have been affected. Still, this hasn't been verified yet.
Meanwhile, the Plex.tv website experienced an outage today and is down at the time of writing this. Plex status page acknowledges the problem and says it's investigating on the cause.

Plex status page reporting website access problems
Plex status page reporting website access problems

It is unknown if this outage is related to the unauthorized database access, or if it's a separate DDoS (distributed denial of service) attack that targets the platform.

Password resets​

The password reset isn't enforced via automatic sign-outs, so those who don't log out of their accounts on existing devices may continue using Plex, but encounter media collection access issues.
Moreover, several users report getting "internal server errors" when trying to update their account password, which adds friction (and irritation) in the process.

Error seen by many of the impacted users


Error seen by many of the impacted users (
Du musst dich Anmelden oder Registrieren um diesen link zusehen!
)
It is recommended that you follow
Du musst dich Anmelden oder Registrieren um diesen link zusehen!
immediately to minimize the chances of account takeover.

Additionally, if you might be using the same credentials on other websites, you should reset your passwords there too.
Not doing so might make you vulnerable to credential stuffing attacks where malicious actors use stolen username+password pairs to try and log in on various websites.
Remember, encryption doesn't make passwords uncrackable either at present or in the future, as that depends on the type of algorithm used for securing the stored passwords. Plex doesn't define that detail in the sent letter.
To further reduce the chances of account takeovers on any online platform you're using, activate MFA (multi-factor authentication) if the option is available.
Plex users can add a 2FA (two-factor authentication) step in their login process for additional account security by following
Du musst dich Anmelden oder Registrieren um diesen link zusehen!
.


Quelle:
Du musst dich Anmelden oder Registrieren um diesen link zusehen!
 
Zurück
Oben