Plex, the media server platform that’s been slowly morphing into a streaming video service, is requiring all its users to reset their passwords after hackers managed to access a “limited subset” of user data, including email addresses and “encrypted” passwords.
Plex users (including me) received an email early Wednesday with details about the breach, which the company said it had discovered a day earlier.
In the email, Plex said that it had “already addressed the method” the hackers used to gain access to user data and that “we’re doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions.”
Credit card numbers and “other payment data” weren’t compromised in the breach, Plex said.
Here’s how Plex described the attack:
Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident.
Plex also apologized for the data breach, as well as for the hassle involved in users having to reset their account passwords as well as logging back in to all their Plex-enabled devices.
You can find detailed instruction on how to reset your Plex password right here.
Besides having to log into all your Plex clients again, users who use Plex to access their local media will also have to sign in and/or reclaim their Plex media servers.
This is also a great time to enable two-factor authentication on your Plex account, and here’s how to do it.
