Comment

Comment on Plex got hacked.

JasonDJ@lemmy.zip ⁨6⁩ ⁨months⁩ ago

admitted the issue immediately
reassured users as to actual scope of breach, probable risk
provided recommended actions for users who think they may be impacted.

My god…I’ve got to hand it to plex. This is the perfect incident response letter.

source

Sort:hotnew top

Scrollone@feddit.it ⁨6⁩ ⁨months⁩ ago
They admitted the issue because they’re a German company and they would get fined 20 million euros if they didn’t.

source
- remon@ani.social ⁨6⁩ ⁨months⁩ ago
  
  they’re a German company
  
  Unless there is a town called “German” in California, they are not.
  
  source
  - Scrollone@feddit.it ⁨6⁩ ⁨months⁩ ago
    You’re right, I’m sorry. I was misremembering.
    
    source
Cocodapuf@lemmy.world ⁨6⁩ ⁨months⁩ ago
Yeah, I have to agree. When a breach occurs (and it happens to just about every organization at some point or another) a press release this honest, responsible and immediate is not really the norm. I see this as a show of competence on the security front and integrity for the company as a whole.

I do wish Plex wasn’t further enshitifying their product more with every release, but that’s a different issue.

source
zr0@lemmy.dbzer0.com ⁨6⁩ ⁨months⁩ ago
Fully agree. There is no time and space to play the blame game, as it simply does not matter at this point. React swiftly and be transparent. You are free to invest months afterwards for investigations and followups

source
lazynooblet@lazysoci.al ⁨6⁩ ⁨months⁩ ago
They didn’t provide any real timelines, unless I missed something. Trust me bro, we shut it down real fast.

source
- kbobabob@lemmy.dbzer0.com ⁨6⁩ ⁨months⁩ ago
  I don’t understand what the difference would be. The damage is done and they notified people of those damages.
  
  source
  - lazynooblet@lazysoci.al ⁨6⁩ ⁨months⁩ ago
    Well, if it said “The attacker gained access to systems in October 2023 and we patched out the vulnerability during March 2025,” you’d be asking why it took so long to discover the intrusion and why they didn’t let us know for six months?
    
    source
    kbobabob@lemmy.dbzer0.com ⁨6⁩ ⁨months⁩ ago
    
    Well, if it said…
    
    It didn’t
    
    source
    -> View More Comments
Gutless2615@ttrpg.network ⁨6⁩ ⁨months⁩ ago
I mean I don’t understand the accolades for legally following the law.

source
- scratchee@feddit.uk ⁨6⁩ ⁨months⁩ ago
  You can follow the law and still screw up the response/announcement pretty badly, and so many do not even manage that much.
  
  So yeah. It’s satisfying when someone acts both professionally and conscientiously in a situation like this.
  
  source
  - 8uurg@lemmy.world ⁨6⁩ ⁨months⁩ ago
    Yeah, even if it is the law, companies do tend to fall short of adhering to said law. For example, a lab that does cancer screening got hacked and pretty much messed up their entire response.
    
    source