Plex imposes password reset after hackers steal data for >15 million users

Ars Technica: Time to reset your password if you’re a customer of Plex. The streaming media platform said that hackers managed to access a database with passwords, usernames and emails from at least 15 million customers. While payment information was not breached, a Plex spokesperson said that the passwords were hashed using bcrypt, which automatically applies a formula to make cracking harder… which obviously the hackers figured out a workaround. 

More: @troyhunt | Silicon Republic | Variety

Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies

CNN: Twitter’s ex-head of security, Peiter “Mudge” Zatko, is causing a firestorm for alleging reckless cybersecurity policies at his former company. The disclosure was sent to Congress and federal agencies last month. He alleges a chaotic work environment where too many employees have access to central controls and extremely sensitive information without any oversight. He is also reporting that some of the company’s most senior executives have been trying to cover up Twitter’s serious vulnerabilities. Twitter is saying that he is a disgruntled employee who was fired for poor job performance but the claims are not adding up. More to come when he testifies to lawmakers later this year. 

More: FTC | Tech Crunch | Slate | Washington Post ($) | @KimZetter

Some laughs to end our weekly recap: