Article 62W1C Plex imposes password reset after hackers steal data for >15 million users

Plex imposes password reset after hackers steal data for >15 million users

by
Dan Goodin
from Ars Technica - All content on (#62W1C)
data-breach-hack-800x534.jpeg

Enlarge (credit: Getty Images)

Streaming media platform Plex on Wednesday said it was hacked by intruders who managed to access a proprietary database and make off with password data, usernames, and emails belonging to at least half of its 30 million customers.

Yesterday, we discovered suspicious activity on one of our databases," company officials wrote in an email sent to customers. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords."

The email said that the passwords were hashed and secured in accordance with best practices," meaning the passwords were cryptographically scrambled in a way that requires attackers to devote additional resources to crack the hashes and revert them back to their plaintext state. A Plex spokesperson said that the passwords were hashed using bcrypt, among the strongest algorithms for protecting passwords. bcrypt automatically applies what's known as cryptographic salting and peppering to make cracking harder.

Read 6 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments