Security News

A Plex "Feature" is raising privacy hackles of some users after sharing with others what they are watching on the streaming service - seemingly without their consent. At the start of this month Plex rolled out "Discover Together," with an "Activity" feature that shows "What you and your friends are watching, rating, and saving to your Watchlists," according to the streaming service.

CISA has added an almost three-year-old high-severity remote code execution vulnerability in the Plex Media Server to its catalog of security flaws exploited in attacks. Attackers with "Admin access to a Plex Media Server could abuse the Camera Upload feature to make the server execute malicious code," according to an advisory published by the Plex Security Team in May 2020 when it patched the bug with the release of Plex Media Server 1.19.3.

The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged information stolen from an earlier incident that took place prior to August 12, 2022, along with details "Available from a third-party data breach and a vulnerability in a third-party media software package to launch a coordinated second attack" between August and October 2022.

Users of popular streaming and media organizing service Plex are waking up to an unpleasant email this morning saying, in the words of a Reg reader, "Plex have been hacked and their main site is down as we all rush to change passwords." All Plex users are being required to reset their passwords, per the email, though it's also unclear how mandatory or automated the change will be.

The Plex media streaming platform is sending password reset notices to many of its users in response to discovering unauthorized access to one of its databases."Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution, we are requiring all Plex accounts to have their password reset," claims Plex's notice.

The Plex media streaming platform is sending password reset notices to many of its users in response to discovering unauthorized access to one of its databases. "Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution, we are requiring all Plex accounts to have their password reset," claims Plex's notice.