Plex: Another data breach!

in #plex • 15 days ago

Looks like another Plex data breach occurred a few days ago:

https://forums.plex.tv/t/important-notice-of-security-incident/930523

-=[ What Happened ]=-

Plex recently confirmed a database breach that exposed account information. Email addresses, usernames, and hashed passwords may have been accessed. Even though Plex stores passwords securely, attackers can attempt to crack weak ones.

-=[ Immediate Actions: ]=-

1 - Change Your Plex password!!!
-Go to https://www.plex.tv/ → Account Settings → Change Password

-Use a strong, unique password!!

2 - Sign Out of All Devices

-After changing your password, select "Sign Out of Connected Devices" to force a re-login everywhere.
( pain in the ass but better safe than sorry! )

3 - Enable Two-Factor Authentication (2FA)

-In Account Settings → Two-Factor Authentication, scan the QR code with an authenticator app (Authy, Google Authenticator, etc.).

-Save backup codes offline securely!!

-=[ Extra Password Stuff for fun ]=-

You can check whether your old password appears in a known breach using a simple local Linux bash script that shares only part of the password's HASH and never the password in plain text.

-=[ What the Script Does ]=-

passcheck.sh lets you test a password against the "Have I Been Pwned" (https://haveibeenpwned.com/) breach database without exposing the password itself.

The script converts the password into a SHA-1 hash and only sends the first five characters of the hash to the HIBP API.
This k-anonymity method means the full password and complete hash never leave your machine, so the check cannot reveal your actual password to anyone.

-SSH to your favorite Linux box and create the script with nano:

nano passcheck.sh

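-Paste this simple script into the editor:

#!/bin/bash
# Check a password against the HIBP Pwned Passwords range API (k-anonymity).
# -r keeps backslashes in the password intact, -s hides the typing.
read -r -s -p "Enter password to check: " password
echo
# SHA-1 of the exact password bytes, uppercased to match the API's format.
hash=$(printf '%s' "$password" | sha1sum | awk '{print toupper($1)}')
prefix=${hash:0:5}   # only these five characters are sent
suffix=${hash:5}     # the rest is compared locally
# -f makes curl fail on HTTP errors, so an outage is not reported as "not found".
if ! response=$(curl -sf "https://api.pwnedpasswords.com/range/$prefix"); then
    echo "Could not reach the HIBP API, so no result is available." >&2
    exit 1
fi
# Match the whole suffix at the start of a line; each line is SUFFIX:COUNT.
result=$(grep "^$suffix:" <<< "$response")
if [ -z "$result" ]; then
    echo "✅ Your password was NOT found in the breach database."
else
    echo "❌ Your password HAS been found in the breach database:"
    echo "$result"
fi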

-Save the file.

-Make it executable:
chmod +x passcheck.sh
-Run it:
./passcheck.sh

Example output of testing a weak password: "connect1"

(screenshot)

Example output of testing a more secure unique password:

(screenshot)
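
To see what the k-anonymity check does on your own machine, here is an added example (not part of passcheck.sh) that runs the local half offline against a constructed range response. The function names, the sample lines and their counts are made up for illustration; it matches the full suffix exactly, strips the CRLF line endings, and treats a zero-count entry as not found.

```bash
#!/bin/bash
# Added example: the local half of the k-anonymity check, run offline.
# Function names and SAMPLE_RANGE are constructed for illustration.

# Uppercase SHA-1 of the exact password bytes (no trailing newline).
sha1_upper() {
    printf '%s' "$1" | sha1sum | awk '{print toupper($1)}'
}

# The only value that would leave the machine: the first five hash characters.
range_prefix() {
    sha1_upper "$1" | cut -c1-5
}

# Print how often a password appears in a range response body ($2).
# Prints 0 when the suffix is absent or listed with a count of 0.
pwned_count() {
    suffix=$(sha1_upper "$1" | cut -c6-)
    printf '%s\n' "$2" | tr -d '\r' | awk -F: -v s="$suffix" '
        toupper($1) == s { n = $2 + 0 }   # exact suffix match, not a substring
        END { print n + 0 }'
}

# Constructed response for prefix 5BAA6 with CRLF line endings.
# The middle line is the suffix of SHA-1("password"); the counts are invented.
SAMPLE_RANGE=$(printf '%s\r\n' \
    '1D72CD07550416C216D8AD296BF5C0AE8E0:10' \
    '1E4C9B93F3F0682250B6CF8331B7EE68FD8:42' \
    '1F2B668E8AABEF1C59E9EC6F82E3F3CD786:0')

echo "sent to API:     $(range_prefix password)"
echo "times in sample: $(pwned_count password "$SAMPLE_RANGE")"
```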

Hope this helps and stay safe out there!!!

