Plex has emailed its users to warn them about a security flaw that it has discovered. While the email’s subject line mentions a “potential data breach,” the body discusses suspicious activity and a third party gaining access to a portion of a database.
According to the company, the exposed data included emails, usernames, and encrypted passwords. Despite the fact that all passwords were encrypted and hashed, all Plex users are required to change their security credentials out of a “abundance of caution.”
“We want you to be aware of an incident involving your Plex account information yesterday,” Plex says in the email. “While we believe the actual impact of this incident is limited, we want to ensure you have the right information and tools to keep your account secure.”
Plex suffers data breach; third-party gains access to emails, usernames and more
- By Sofia Wyciślik-Wilson
- Published 1 day ago
Plex has emailed its users to warn about a security indecent it has become aware of. While the subject line of the email refers to a “potential data breach”, the body goes on to talk about suspicious activity and a third-party gaining access to part of a database.
The company says that the exposed data included emails, usernames and encrypted passwords. Although all passwords were secured and hashed, all Plex users are required to change their security credentials out of an “abundance of caution”.
- Microsoft is preparing to release Windows 11 2022 Update– the update formerly known as Windows 11 22H2
- KB5015878 update broke audio in Windows but Microsoft has a fix… of sorts
- Microsoft is rolling out a Windows 11 update that adds widget notifications to the taskbar
In the email, Plex says: “We want you to be aware of an incident involving your Plex account information yesterday. While we believe the actual impact of this incident is limited, we want to ensure you have the right information and tools to keep your account secure”.
It goes on to inform users:
Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident.
The company says it is taking steps to help avoid something similar happening again and is requiring all users to reset their passwords.
Long story short, we kindly request that you reset your Plex account password immediately. When doing so, there’s a checkbox to “Sign out connected devices after password change.” This will additionally sign out all of your devices (including any Plex Media Server you own) and require you to sign back in with your new password. This is a headache, but we recommend doing so for increased security. We have created a support article with step-by-step instructions on how to reset your password here.