Plex Urges Users to Reset Passwords After Data Breach

Plex, the streaming media platform, is warning customers to reset their passwords immediately following a security breach that exposed user authentication data.

“An unauthorized third party accessed a limited subset of user data from one of our databases,” Plex wrote in its notification to users. “Although we quickly contained the incident, the information that was accessed included emails, usernames, and securely hashed passwords.”

What Was Accessed

Plex emphasized that the compromised passwords were securely hashed according to best practices, which should prevent attackers from directly reading them. The company, however, did not specify which hashing algorithm was used.

Payment card details were not affected, as Plex does not store this information on its servers.

Recommended Actions

As a precaution, Plex is urging users to reset their passwords at plex.tv/reset. The company also recommends enabling the option to “Sign out of connected devices after password change” to ensure that any potentially compromised sessions are terminated.

Users are further advised to enable two-factor authentication (2FA) for added protection. Plex stressed that it will never request passwords or payment details via email.

Company Response

According to Plex, the vulnerability exploited in the breach has already been patched, though no technical details about the attack have been released.

This is not the first time Plex customers have been affected by a similar incident. In August 2022, the company experienced an almost identical breach in which hackers accessed a database containing usernames, email addresses, and passwords of at least 15 million users.