Plex 遭遇黑客入侵!官方确认用户数据泄露并建议立即修改密码

知名流媒体软件 Plex 近日遭遇黑客入侵。官方已向用户发送邮件,告知大家需要立即重置账户密码。

根据 Plex 公告,一名未经授权的第三方获取了其部分数据库,涉及信息包括 用户邮箱、用户名以及经过哈希处理的密码。Plex 强调,其服务器从不存储信用卡数据,因此用户的支付信息未受影响。

与 Netflix 等集中式流媒体平台不同,Plex 主要依靠用户在本地设备上自建 Plex Media Server。官方账号体系则用于身份验证、远程访问和增值服务。因此,本次事件影响的是 云端账户信息,而非用户本地媒体库内容。

Plex 在邮件中告知用户尽快通过网站修改密码,并建议勾选“登出所有已连接设备”选项,以提高安全性。同时,官方推荐用户启用 两步验证(2FA)。

注意: 虽然被窃取的密码经过哈希加密,破解难度较高,但若用户在其他平台使用了相同密码,可能存在连锁风险。因此,及时更换密码并避免重复使用至关重要。

相关链接: Plex密码重置帮助

信息原文
Dear Plex User,
We have recently experienced a security incident that may potentially involve your Plex account information. We believe the actual impact of this incident is limited; however, action is required from you to ensure your account remains secure.

What happened
An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, and securely hashed passwords.

Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party. Out of an abundance of caution, we recommend you immediately reset your password by visiting https://plex.tv/reset. Rest assured that we do not store credit card data on our servers, so this information was not compromised in this incident.

What we're doing
We've already addressed the method that this third party used to gain access to the system, and we're undergoing additional reviews to ensure that the security of all of our systems is further hardened to prevent future attacks.

What you must do
We kindly request that you reset your Plex account password immediately by visiting https://plex.tv/reset. When doing so, there's a checkbox to "Sign out connected devices after password change," which we recommend you enable. This will sign you out of all your devices (including any Plex Media Server you own) for your security, and you will then need to sign back in with your new password. We understand that this means a little more work for you, but it will provide additional security to your account.

Additional Security Measures You Can Take
We remind you that no one at Plex will ever reach out to you over email to ask for a password or credit card number for payments. For further account protection, we also recommend enabling two-factor authentication on your Plex account if you haven’t already done so.

Lastly, we sincerely apologize for any inconvenience this situation may cause you. We take pride in our security systems, which helped us quickly detect this incident, and we want to assure you that we are working swiftly to prevent potential future incidents from occurring.

For step-by-step instructions on how to reset your password, visit: https://support.plex.tv/articles/account-requires-password-reset

Thank you,
The Plex Team
 
 
Back to Top