Plex was breached by an unauthorized third-party gained who gained access to a proprietary database. The specific attack vector that facilitated the breach hasn’t been disclosed. According to Plex, cybercriminals “tunneled” their way through sophisticated cybersecurity mechanisms to gain access to sensitive customer data.
Tunneling references are usually descriptive of third-party breaches - when a data breach occurs through a compromised third-party vendor - which would align with Plex’s admission that the attack was facilitated by unauthorized third-party access. The term tunneling is also associated with VPN compromise, like the event preluding the Uber data breach. Both scenarios are speculations that haven’t been confirmed by Plex.
The data breach impacted 30 million Plex users. Compromised data included:
- Encrypted (or hashed) passwords
Depending on the degree of encryption, compromised passwords could take years, or even centuries, to crack with password discovery methods. Out of an abundance of caution, Plex has urged its users to reset their passwords immediately.
How to Avoid a Data Breach like Plex
With the limited information currently available about the incident, it seems like Plex followed good cybersecurity practices leading up to and following this data breach. The company stored passwords securely, they rapidly detected and stopped the cyber attack, and, most important of all, the company notified its customer of the data breach within 24 of the event being discovered - a stark contrast to Cash App who waited four months before advising its users of a data breach.
Nevertheless, even with the limited amount of information that’s available, some important cybersecurity lessons can be learned from the Plex data breach
1. Document all Log Records
Keeping an updated record of all asset access logs could alert you to suspicious network activity and also prove that appropriate response actions were taken in the event of a data breach investigation. Network activity could be monitored with free tools like Wireshark.
Data log documentation is a security control that could support compliance with cybersecurity regulations like HIPAA.
2. Implement a Vendor Risk Management Solution
If the Plex data breach occurred though a compromised third-party a Vendor Risk Management solution could preemptively detected potential vendor vulnerabitliies that could facilitate such breaches.
3. Segment Your Internal Network
Even if a threat actor gains access to your private network, the risk of a data breach could be reduced if your network is segmented in a way that obfuscated lateral movement.
4. Secure Privileged Credentials with Hard Tokens
If the Plex hackers gain administrative level access to a victim’s server, they could potentially steal all of the media files uploaded to that server, or additionally, encrypt these files and threaten deletion unless a ransom is paid.
Though your business may not offer the same file upload capabilities as Plex, this threat highlights the level of business disruption that’s possible if privileged credentials are compromised.
To mitigate such events, all privileged credentials should be secure with multiple authentication factors. Ideally, hard tokens should be used as an additional authentication barrier since this security controls his the hardest to bypass.
See how your organization's security posture compares to Plex's.