Plex Urges Users to Reset Passwords After Data Breach

Colin Thierry
Colin Thierry Writer
Colin Thierry Colin Thierry Writer

Plex, the popular US media streaming service platform, confirmed a data breach that impacted most of its users. This breach may have also accessed customers’ sensitive account information, including usernames, email addresses, and passwords.

The company runs a streaming service and media player platform that allows you to watch shows or stream music from your own collection on most operating systems. With over 30 million registered users, Plex is one of the largest media server apps on the market.

Plex notified impacted customers that suspicious activity began on Tuesday. After noticing this suspicious activity, the company immediately started an investigation.

Letters were then the next day sent out notifying users of a mandatory password reset.

“Yesterday, we discovered suspicious activity on one of our databases,” read the company’s data breach letter. “We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords.

“Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset.”

Additionally, the letter reassured users that the data breach did not impact their financial information (including credit card data) since it isn’t stored on Plex’s servers. The company also said it discovered the mechanism that allowed the threat actor to infiltrate its system, and is working on fixing it.

“We’ve already addressed the method that this third-party employed to gain access to the system, and we’re doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions,” said Plex.

On Tuesday, Plex’s streaming website was briefly offline during the incident. However, users can still reset passwords and enable two-factor authentication (2FA) as extra security measures.

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.

Leave a Comment