 Plex Breach: Alerts Users Must Reset Their Passwords


Plex, a streaming media service, has revealed a data theft and advised users to change their passwords. According to the company's statement to its clients, all account passwords were encrypted and hashed in line with the firm's approved guidelines. Nevertheless, there is proof that credentials were accessed.

Plex is one of the most popular media streaming programs. It enables users to stream audio, video, and images stored on their own personal media servers, in addition to movies and live television. More than 30 million people are registered users of Plex.

According to a Plex spokesperson, the exploit affects both streaming and personal media clients. Although Plex is requesting that all customers change their passwords, the representative would not disclose the number of accounts affected by the hack.

About the breach

Several Plex video streaming users reported having trouble logging into their accounts on Wednesday. Troy Hunt, a security researcher, also voiced his concern and uploaded screenshots of the issues he saw when attempting to access his account.

Later, Plex reported being hacked and revealed that the hackers gained access to its private database and stole the usernames, emails, and passwords of at least 15 to 30 million of its users.

The intruders were unable to access users' private media libraries, which might have contained sensitive media files like private images, pirated content, and other credentials. Payment information, according to Plex, is not kept on the company's servers.

The company emphasized that because the passwords were cryptographically scrambled, hackers would need additional tools to crack the hashes and recover the plaintext. The passwords, according to Plex, were hashed with bcrypt, one of the safer and more robust password-protection methods, which makes the hashes difficult to reverse. It urged consumers to enable 2FA and use complex passwords on all of their websites, apps, and services.

Further details of the incident remain unclear, and Plex hasn't officially disclosed the hack on its website or social media. Plex spokespersons did not immediately respond to inquiries.

After the Plex incident, it's important to use a password manager and two-factor authentication wherever you can, which makes it far more difficult for hackers to access your online accounts.


Plex Media Servers Actively Abused To Amplify DDoS Attacks

Researchers with Netscout's ATLAS Security Engineering and Response Team have warned that attackers are abusing Plex Media Server systems to amplify DDoS (Distributed Denial of Service) attacks.

Plex Media Server provides a streaming system that runs on a variety of platforms, including Windows, Linux, macOS, and FreeBSD, as well as network-attached storage (NAS) hardware devices, RAID units, digital media players, and Docker containers. It also lets users share video and other media with other devices.

Network monitoring firm Netscout believes that about 27,000 Plex Media servers are at risk of being abused in DDoS amplification attacks, according to an alert published on Wednesday of this week.

As part of its normal operation, Plex scans the local network using the G'Day Mate (GDM) protocol, which lets a Plex device discover other supported media devices and streaming clients. It also uses SSDP (Simple Service Discovery Protocol) for Universal Plug and Play (UPnP) discovery.

Netscout stated that the DDoS attacks have been observed since November 2020, abusing SSDP HTTP/U on UDP/32414. An amplification attack occurs when attackers send a small number of requests to a server and the server answers with a much larger volume of responses. The attackers can also spoof the source IP address so that the requests appear to come from the victim, resulting in traffic that floods the victim's resources and causes a crash.
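An added example, not from the original article or from Netscout: a victim-side check over flow records that flags local hosts receiving UDP traffic from source port 32414 that they never requested, which is how the reflected traffic described above appears at the target. The flow format, the `LOCAL_NET` range, the `min_reflectors` threshold, and all sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

PMSSDP_PORT = 32414  # UDP port named in the article
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumption: our address space

# Constructed sample flow records (not real traffic):
# ts,proto,src,sport,dst,dport,bytes
SAMPLE_FLOWS = """\
1,udp,192.0.2.10,50000,198.51.100.7,32414,60
2,udp,198.51.100.7,32414,192.0.2.10,50000,280
3,udp,203.0.113.5,32414,192.0.2.80,443,290
4,udp,203.0.113.6,32414,192.0.2.80,443,310
5,udp,203.0.113.7,32414,192.0.2.80,443,300
6,tcp,203.0.113.9,32414,192.0.2.80,443,1500
7,udp,203.0.113.8,32414,192.0.2.81,53,295
"""

def is_local(ip):
    return ipaddress.ip_address(ip) in LOCAL_NET

def find_reflection_targets(flow_csv, min_reflectors=3):
    """Return {local_ip: (reflector_count, total_bytes)} for hosts receiving
    unsolicited UDP responses sourced from port 32414."""
    solicited = set()              # (local_ip, remote_ip) pairs we queried first
    reflectors = defaultdict(set)  # local_ip -> remote IPs answering unasked
    volume = defaultdict(int)      # local_ip -> unsolicited bytes received
    for ts, proto, src, sport, dst, dport, nbytes in csv.reader(io.StringIO(flow_csv)):
        if proto != "udp":
            continue
        if int(dport) == PMSSDP_PORT and is_local(src):
            solicited.add((src, dst))  # our own outbound discovery request
        elif int(sport) == PMSSDP_PORT and is_local(dst):
            if (dst, src) not in solicited:  # a response nobody here asked for
                reflectors[dst].add(src)
                volume[dst] += int(nbytes)
    return {ip: (len(srcs), volume[ip]) for ip, srcs in reflectors.items()
            if len(srcs) >= min_reflectors}

if __name__ == "__main__":
    for ip, (count, nbytes) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{ip}: {nbytes} unsolicited bytes from {count} reflectors "
              f"on UDP/{PMSSDP_PORT}")
```

The request/response pairing assumes records arrive in time order; flow exporters that batch or reorder records need a sort on the timestamp first.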

"We’ve seen its use as far back as November when activity ramped up, but most of the time, we see its use is in multi-vector attacks rather than as a primary vector, which can result in some uncertainty in finding an exact day it began to be used," Richard Hummel, Manager of Threat Intelligence at Netscout, said in an email interview when asked when PMSSDP was first observed as a DDoS attack amplification vector.

"The total number of attacks from Jan 1, 2020, to present day, clocked in at approximately 5,700 (compared to the more than 11 million attacks in total we saw during the same time frame)," Richard Hummel added.