Pick up any e-commerce web or mobile app today, and you’ll be holding a mashup of interconnected applications and services from a variety of different providers. For instance, when you connect to Amazon’s e-commerce app, cookies, tags and pixels that are monitored by solutions like Exact Target, BazaarVoice, Bing, Shopzilla, Liveramp and Google Tag Manager track every action you take. You’re presented with special offers and coupons based on your viewing and buying patterns. If you find something you want for your birthday, a third party manages your wish list, which you can share through multiple social- media outlets or email to a friend. When you select something to buy, you find yourself presented with similar items as kind suggestions. And when you finally check out, you’re offered the ability to pay with promo codes, gifts cards, PayPal or a variety of credit cards.Get the Guide
Ahoy beautiful people of Plex! I’m here with a quick update about the recently-disclosed security incident over at Cloudflare, a web proxy service that we use extensively for several parts of our infrastructure. In some rare circumstances, data passing through Cloudflare may have been exposed.
tl;dr: Sensitive Plex user data like passwords and billing information do not pass through Cloudflare and are not affected by this issue. However, our www.plex.tv site and our forums, which are backed by Cloudflare, use automatically-generated “tokens” behind the scenes to sign you in. User authentication and login services are provided by plex.tv, which does not use CloudFlare. These tokens do pass through Cloudflare, so we’ve taken the precaution of invalidating them. You probably won’t notice, since we can usually automatically issue new tokens from information stored in your browser, but in some cases you may be prompted to sign in again.
If you’ve never heard of Cloudflare before, it’s because they generally go about powering large portions of the internet quietly and with remarkable efficiency. We’re huge Cloudflare fans here at Plex; lots of stuff from that beautiful artwork in your media library to Media Server downloads to this very blog are delivered around the world in no time thanks to them. We’d like to thank the good folks at Cloudflare as well as the top notch security team from Project Zero for handling this swiftly and professionally.
And it wouldn’t be a security post without a gentle reminder to pick strong, unique passwords everywhere, and in this case, keep an eye out for updates from sites that were affected and change those passwords. It’s still a harsh internet out there, stay safe!Show Comments