An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords and authentication data. Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party.
The passwords were hashed and, I’m inferring from their language, salted per-user as well. Assuming a reasonable length password (complexity doesn’t matter much here, what we want is entropy) it would take a conventional (i.e. not quantum) computer tens to hundreds of millions of years to crack one user’s password.
Yeah, I’m not really worried about it. I changed my password and moved on. It’s just that hackers have every reason to try and exploit Plex, while individual servers are hardly worth someone’s time and effort to go after when the payoff is maybe 1-2 usernames and emails
From their blog post about it:
The passwords were hashed and, I’m inferring from their language, salted per-user as well. Assuming a reasonable length password (complexity doesn’t matter much here, what we want is entropy) it would take a conventional (i.e. not quantum) computer tens to hundreds of millions of years to crack one user’s password.
Yeah, I’m not really worried about it. I changed my password and moved on. It’s just that hackers have every reason to try and exploit Plex, while individual servers are hardly worth someone’s time and effort to go after when the payoff is maybe 1-2 usernames and emails