They didn’t provide any real timelines, unless I missed something. Trust me bro, we shut it down real fast.
Comment on Plex got hacked.
JasonDJ@lemmy.zip 4 weeks ago
- admitted the issue immediately
- reassured users as to actual scope of breach, probable risk
- provided recommended actions for users who think they may be impacted.
My god…I’ve got to hand it to plex. This is the perfect incident response letter.
lazynooblet@lazysoci.al 3 weeks ago
kbobabob@lemmy.dbzer0.com 3 weeks ago
I don’t understand what the difference would be. The damage is done and they notified people of those damages.
lazynooblet@lazysoci.al 3 weeks ago
Well, if it said “The attacker gained access to systems in October 2023 and we patched out the vulnerability during March 2025,” you’d be asking why it took so long to discover the intrusion and why they didn’t let us know for six months?
Cocodapuf@lemmy.world 3 weeks ago
Yeah, I have to agree. When a breach occurs (and it happens to just about every organization at some point or another), a press release this honest, responsible and immediate is not really the norm. I see this as a show of competence on the security front and integrity for the company as a whole.
I do wish Plex wasn’t further enshittifying their product more with every release, but that’s a different issue.
zr0@lemmy.dbzer0.com 3 weeks ago
Fully agree. There is no time and space to play the blame game, as it simply does not matter at this point. React swiftly and be transparent. You are free to invest months afterwards for investigations and follow-ups.
Scrollone@feddit.it 3 weeks ago
They admitted the issue because they’re a German company and they would get fined 20 million euros if they didn’t.
remon@ani.social 3 weeks ago
> they’re a German company
Unless there is a town called “German” in California, they are not.
Scrollone@feddit.it 3 weeks ago
You’re right, I’m sorry. I was misremembering.
Gutless2615@ttrpg.network 4 weeks ago
I mean I don’t understand the accolades for legally following the law.
scratchee@feddit.uk 3 weeks ago
You can follow the law and still screw up the response/announcement pretty badly, and so many do not even manage that much.
So yeah. It’s satisfying when someone acts both professionally and conscientiously in a situation like this.
8uurg@lemmy.world 3 weeks ago
Yeah, even if it is the law, companies do tend to fall short of adhering to said law. For example, a lab that does cancer screening got hacked and pretty much messed up their entire response.