Originally Posted by
HDQDD
I think this is the second time Plex has been "hacked" in the 10 years or so I've been using it. I use a unique random username/password for every login so I'm not so worried about this one. If it were my bank or broker I'd be worried.

Like any hack, I'd be interested to learn more about what happened, but sadly much of that never sees the light of day.
I think any company that is larger than x amount of users or y amount of revenue should: A) be subject to some level of cybersecurity disclosures and/or audits, and B) should have to disclose details of a compromise (after it's been patched), and perhaps: C) be financially penalized for loss of user information in their care (whether it's used nefariously or not).
Something similar happened in 2022. Everyone should have unique passwords for all their logins. It's a pain, but a security breach involving you (as a user) is even more of a hassle. I always tell others to go beyond minimal when setting this stuff up, otherwise they're going to have more work to do later.
As for what companies should do, they should have a team that reviews their existing security processes at least semi-annually and updates (or sets up a project to update) their security processes... (e.g., the annual process realises that this new module for some reason isn't using encryption, should be updated or if not possible, figure a way to limit the damage it could cause).