Streaming media platform Plex on Wednesday said it was hacked by intruders who managed to access a proprietary database and make off with password data, usernames, and emails belonging to at least half of its 30 million customers.
“Yesterday, we discovered suspicious activity on one of our databases,” company officials wrote in an email sent to customers. “We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords.”
The email said that the passwords were “hashed and secured in accordance with best practices,” meaning the passwords were cryptographically scrambled in a way that requires attackers to devote additional resources to crack the hashes and revert them back to their plaintext state. A Plex spokesperson said that the passwords were hashed using bcrypt, among the strongest algorithms for protecting passwords. bcrypt automatically applies what’s known as cryptographic salting and peppering to make cracking harder.