Black Arrow Cyber Advisory 26/08/2022 – Plex has suffered a data breach involving customer account information
Executive Summary
Plex, the streaming platform aggregate, has suffered a data breach on 22/08/2022 where customer information including emails, usernames and encrypted passwords were stolen. The organisation has advised that users reset their passwords immediately.
What’s the risk to me or my business?
While it has been specified that the passwords were encrypted, it still may be possible for a malicious attacker to brute force the password, which would allow them access to the account, and potentially any other account which also uses the same email and password combination. It is also likely that users will start receiving more phishing emails and spam, which is a frequent occurrence after a data breach.
What can I do?
It is recommended that the password for the account is changed. If that password is in use for any other account associated with the email address, then this should also be changed. As a reminder it is best practice and often organisational policy for users to have different passwords for different accounts for this very reason.
Further information on this specific data breach can be found here: Important notice of a potential data breach 24th of August 2022 - Announcements - Plex Forum
Need help understanding your gaps, or just want some advice? Get in touch with us.