Plex 更新:关于潜在安全事件的通知
亲爱的 Plex 用户,
我们最近经历了一起安全事件,可能涉及到您的 Plex 账户信息。我们认为此次事件的实际影响有限;然而,为确保您的账户安全,您需要采取一些措施。
**发生了什么**
一个未经授权的第三方访问了我们数据库中一小部分客户数据。虽然我们迅速控制了事件,但被访问的信息包括电子邮件、用户名和安全哈希的密码。
任何可能被访问的账户密码都是经过安全哈希处理的,符合最佳实践,这意味着第三方无法读取这些密码。出于谨慎考虑,我们建议您立即访问 https://plex.tv/reset 重置您的密码。请放心,我们的服务器上不存储信用卡数据,因此此次事件并未泄露此类信息。
**我们正在做什么**
我们已经解决了该第三方获取系统访问权限的方法,并正在进行额外的审查,以确保我们所有系统的安全性进一步加强,以防止未来的攻击。
**您需要做什么**
我们恳请您立即访问 https://plex.tv/reset 重置您的 Plex 账户密码。在此过程中,有一个“密码更改后注销连接设备”的复选框,我们建议您启用此选项。这将会将您从所有设备(包括您拥有的任何 Plex 媒体服务器)注销,以确保您的安全,您需要使用新密码重新登录。我们理解这会给您带来一些额外的工作,但这将为您的账户提供额外的安全保障。
**您可以采取的额外安全措施**
我们提醒您,Plex 的任何人都不会通过电子邮件联系您,要求提供密码或信用卡号码以进行付款。为了进一步保护账户,我们还建议您启用 Plex 账户的双重身份验证(如果您尚未这样做)。
最后,我们对这一情况可能给您带来的不便深表歉意。我们为我们的安全系统感到自豪,它帮助我们迅速检测到此次事件,我们想向您保证,我们正在迅速采取措施,防止潜在的未来事件发生。
有关如何重置密码的逐步说明,请访问:https://support.plex.tv/articles/account-requires-password-reset
谢谢,
Plex 团队
查看原文
Dear Plex User,
We have recently experienced a security incident that may potentially involve your Plex account information. We believe the actual impact of this incident is limited; however, action is required from you to ensure your account remains secure.<p>What happened
An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, and securely hashed passwords.<p>Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party. Out of an abundance of caution, we recommend you immediately reset your password by visiting https://plex.tv/reset. Rest assured that we do not store credit card data on our servers, so this information was not compromised in this incident.<p>What we're doing
We've already addressed the method that this third party used to gain access to the system, and we're undergoing additional reviews to ensure that the security of all of our systems is further hardened to prevent future attacks.<p>What you must do
We kindly request that you reset your Plex account password immediately by visiting https://plex.tv/reset. When doing so, there's a checkbox to "Sign out connected devices after password change," which we recommend you enable. This will sign you out of all your devices (including any Plex Media Server you own) for your security, and you will then need to sign back in with your new password. We understand that this means a little more work for you, but it will provide additional security to your account.<p>Additional Security Measures You Can Take
We remind you that no one at Plex will ever reach out to you over email to ask for a password or credit card number for payments. For further account protection, we also recommend enabling two-factor authentication on your Plex account if you haven’t already done so.<p>Lastly, we sincerely apologize for any inconvenience this situation may cause you. We take pride in our security systems, which helped us quickly detect this incident, and we want to assure you that we are working swiftly to prevent potential future incidents from occurring.<p>For step-by-step instructions on how to reset your password, visit: https://support.plex.tv/articles/account-requires-password-reset<p>Thank you,
The Plex Team