Be careful – customer emails and passwords have been stolen
Plex, a popular media streaming platform, has issued a warning to its customers regarding a recent data breach. During the incident, a hacker stole customer authentication data. As a result, users are being advised to reset their passwords.
According to Plex, the stolen data includes email addresses, usernames, securely hashed passwords, and authentication data.
In its data breach notification, Plex stated: “We have recently experienced a security incident that may potentially involve your Plex account information. We believe the actual impact of this incident is limited; however, action is required from you to ensure your account remains secure. An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords and authentication data.” The company added that no payment card information was stolen.
Karolis Arbaciauskas, head of product at NordPass comments:
“Plex stresses that account passwords were securely hashed, in accordance with best practices, meaning they cannot be read by a third party. But we still recommend resetting passwords. You can do this here. I would also advise enabling the ‘Sign out connected devices after password change’ option and turning on two-factor authentication for added protection.
“For those using SSO to log in, it would be best to log out of all active sessions. That can be done here, by clicking the button ‘Sign out of all devices.’ For step-by-step instructions on how to reset your password, visit this link.
“Remember to also inform your family and friends about this change. After a password reset, users will need to log in again on all their devices using the new credentials. A password manager can be helpful for securely generating and sharing these new credentials.
“Although the company insists the data leak was limited and the passwords were hashed, users should still be extra careful, especially if they reuse passwords. And people do reuse passwords. As many as 62% of Americans, 60% of Brits, and 50% of Germans admit doing so across multiple online accounts, our survey shows.
“For those who reuse passwords, there’s a risk that some credentials may have already been or will be exposed on the dark web. It’s highly probable that malicious actors will attempt to connect the dots and use these previously leaked passwords to gain unauthorized access to Plex accounts.
“Remember that after major data leaks, social engineering attacks tend to intensify. So users should be a bit more suspicious for some time. Be wary of unsolicited emails and messages, even if they seemingly are from Plex or even the police. If you receive such messages, be extremely careful because links can lead to pages that are designed to steal even more of your data. If you are not sure about the email or a message, it is better not to click on the link. In its breach notification, Plex also emphasizes that it never reaches out over email to ask for a password or credit card number for payments.”
ABOUT NORDPASS
NordPass is a password manager for both business and consumer clients. It’s powered by the latest technology for the utmost security. Developed with affordability, simplicity, and ease of use in mind, NordPass allows users to securely access their passwords on desktop, mobile, and browsers. All passwords are encrypted on the device, so only the user can access them. NordPass was created by the experts behind NordVPN – the advanced security and privacy app trusted by more than 14 million customers worldwide. For more information: nordpass.com.
Guest Post: Raven Stealer, a new password-stealing malware, targets Google Chrome
Posted in Commentary with tags Nordpass on September 19, 2025 by itnerdA new malware called Raven Stealer has emerged and started targeting users of Chromium-based browsers, such as Google Chrome and Microsoft Edge. This malware is designed to harvest credentials and other sensitive information, cybersecurity researchers warn.
According to a blog post published by a team that discovered the infostealer, it spreads through underground forums and cracked software (phishing emails) and has a unique exfiltration method through the Telegram chat app.
Once installed, Raven Stealer accesses local storage paths and credential vaults on browsers to locate encryption keys. It leverages native Windows API calls to decrypt and extract saved data. The stealer’s primary target is browser-based authentication data, including saved passwords and session cookies, but it also gathers autofill entries, payment data, browsing history, and other data types. After the job is done, text files are stored in the .zip folder and sent to the attacker’s Telegram channel.
Karolis Arbaciausias, head of product at NordPass, comments:
“The emergence of Raven Stealer is a significant concern. This malware is particularly insidious because it silently targets the data people believe is encrypted and safe within their browsers. Raven Stealer is specifically engineered to search for stored credentials and encryption keys, making the browser’s vault a primary target and a weakness. Raven Stealer’s unique Telegram exfiltration makes detection challenging. Sending information through encrypted messaging channels lets it bypass many conventional security filters. Moreover, this malware is also capable of bypassing many corporate network filters.
“For individuals, probably the simplest and fastest way of dealing with this new threat is a dedicated password manager, which acts as an isolated, encrypted box for credentials and other data. It ensures that even if your browser is compromised, your actual passwords and session cookies remain secure and out of reach.”
To protect against Raven Stealer and other similar threats, Arbaciauskas also advises to:
For companies, centralized password and access rights management is essential. Besides that, Arbaciauskas recommends that you:
Leave a comment »