vps交流

plex账号密码泄漏预警


本帖最后由 gtgc2005 于 2022-8-24 15:17 编辑

刚刚收到了邮件,mjj们抓紧改密码吧

  1. ✉️ Plex <[email protected]>
  2. Action required: Important notice of a potential data breach
  3. (https://app.plex.tv/desktop/#!/settings/account) Profile Image (https://app.plex.tv/desktop/#!/settings/account)
  4. Dear Plex User, We want you to be aware of an incident involving your Plex account information yesterday. While we believe the actual impact of this incident is limited, we want to ensure you have the right information and tools to keep your account secure. What happened Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident. What we’re doing We’ve already addressed the method that this third-party employed to gain access to the system, and we’re doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions. While the account passwords were secured in accordance with best practices, we’re requiring all Plex users to reset their password. What you can do Long story short, we kindly request that you reset your Plex account password immediately. When doing so, there’s a checkbox to "Sign out connected devices after password change." This will additionally sign out all of your devices (including any Plex Media Server you own) and require you to sign back in with your new password. This is a headache, but we recommend doing so for increased security. We have created a support article with step-by-step instructions on how to reset your password here (https://support.plex.tv/articles/account-requires-password-reset/?utm_source=Plex&utm_medium=email&utm_content=reset_password&utm_campaign=sql_db_password_reset). We’d also like to remind you that *no one at Plex will ever reach out to you to ask for a password or credit card number over email*. For further account protection, we also recommend enabling two-factor authentication (https://support.plex.tv/articles/two-factor-authentication/?utm_source=Plex&utm_medium=email&utm_content=reset_password&utm_campaign=sql_db_password_reset) on your Plex account if you haven’t already done so. Lastly, we sincerely apologize to you for any inconvenience this situation may cause. We take pride in our security system and want to assure you that we are doing everything we can to swiftly remedy this incident and prevent future incidents from occurring. We are all too aware that third-parties will continue to attempt to infiltrate IT infrastructures around the world, and rest assured we at Plex will never be complacent in hardening our security and defenses. For step-by-step instructions on how to reset your password, visit: https://support.plex.tv/articles/account-requires-password-reset (https://support.plex.tv/articles/account-requires-password-reset?utm_source=Plex&utm_medium=email&utm_content=two_factor_authentication&utm_campaign=sql_db_password_reset) Thank you,
  5. The Plex Security Team
  6. Copyright © 2022 Plex, Inc. All rights reserved.

复制代码

翻译版本:

  1. ✉️ Plex <[email protected]>
  2. 需要采取的行动。关于潜在数据泄露的重要通知
  3. (https://app.plex.tv/desktop/#!/settings/account) 资料图片 (https://app.plex.tv/desktop/#!/settings/account)
  4. 亲爱的Plex用户,我们想让你知道,昨天发生了一起涉及你的Plex账户信息的事件。虽然我们认为这一事件的实际影响有限,但我们希望确保你有正确的信息和工具来保证你的账户安全。发生了什么 昨天,我们在我们的一个数据库中发现了可疑的活动。我们立即开始调查,看来确实有第三方能够访问有限的数据子集,包括电子邮件、用户名和加密的密码。尽管所有可能被访问的账户密码都按照最佳做法进行了加密和保护,但出于谨慎,我们要求所有Plex账户重新设置密码。请放心,xyk和其他支付数据根本就没有存储在我们的服务器上,在这次事件中没有受到影响。我们正在做的事情 我们已经解决了这个第三方采用的进入系统的方法,我们正在做额外的审查,以确保我们所有系统的安全性得到进一步加强,以防止未来的入侵。虽然账户密码是按照最佳做法保护的,但我们要求所有Plex用户重新设置密码。你可以做什么 长话短说,我们善意地要求你立即重置你的Plex账户密码。在这样做的时候,有一个复选框是 "密码更改后退出连接设备"。这将额外注销你所有的设备(包括你拥有的任何Plex媒体服务器),并要求你用新密码重新登录。这是一个令人头痛的问题,但我们建议这样做以提高安全性。我们已经创建了一篇支持文章,其中有关于如何重置密码的分步说明(https://support.plex.tv/articles/account-requires-password-reset/?utm_source=Plex&utm_medium=email&utm_content=reset_password&utm_campaign=sql_db_password_reset)。我们还想提醒你,*Plex的任何人都不会通过电子邮件向你索要密码或xyk号码*。为了进一步保护账户,我们还建议在你的Plex账户上启用双因素认证(https://support.plex.tv/articles/two-factor-authentication/?utm_source=Plex&utm_medium=email&utm_content=reset_password&utm_campaign=sql_db_password_reset),如果你还没有这样做的话。最后,我们对这种情况可能造成的任何不便表示真诚的歉意。我们对我们的安全系统感到自豪,并希望向你保证,我们正在尽一切努力迅速补救这一事件,并防止未来事件的发生。我们非常清楚,第三方将继续试图渗入世界各地的IT基础设施,请放心,我们Plex在加强安全和防御方面绝不会自满。关于如何重置密码的步骤说明,请访问:谢谢你。
  5. Plex安全团队
  6. Copyright © 2022年Plex公司。保留所有权利。

复制代码