Plex the novel streaming-to-library service, suffered a data breach and then outage due to users trying to change passwords.
Plex is a service that not only allowed users to maintain a large amount of content, but the ability to consume it at an unfathomable rate. Earlier this morning the service suffered a data breach, Engadget reports, that exposed sensitive information such as passwords, usernames, and emails. Every time a data breach like this happens, there is a small panic that leads to mass password changing, which is what happened here. After the company sent out an email alerting users of the breach, the avalanche of requests caused the site to malfunction. A Tweet from user @troyhunt details the breach.
The password change request email from Plex detailed that no other sensitive data had been breached:
Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident.
– Plex
Although the media service claimed they’ve “already addressed the method” used for the breach, and users like Troy Hunt that use randomly generated passwords suffer “mere inconvenience,” many other internet users that use the same password and username would need to change MANY passwords to correct the breach. It’s also worth noting that Plex themselves haven’t posted about this issue on their site as of this writing.
Due to the swarm of Plex users attempting to change their password, the Plex website promptly went down possibly due to the influx of password changers, with no confirmation that the site’s issues were due to data breach. Of course, the site is now back up, so users affected by the breach should fix their security, and Plex has provided a handy guide on how to do that, or if you would like to streamline the process the link can be found here.
