Plex, an American streaming media service and a client-server media player platform, alerted users via email of a data breach in which hackers were able to access emails, usernames, and encrypted passwords. The company said it is requiring Plex users to reset their passwords as a result of the incident.
Plex said they discovered suspicious activity on one of their databases and immediately began an investigation. They said it appears that a third party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution Plex is requiring all Plex accounts to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident.
The Plex Account Data Breach Email
What Plex is Doing
Plex has already addressed the method that this third-party employed to gain access to the system, and they are doing additional reviews to ensure that the security of all of their systems is further hardened to prevent future incursions. While the account passwords were secured in accordance with best practices, Plex is requiring all Plex users to reset their passwords.
What You Can Do
Plex kindly request that users reset their Plex account password immediately. When doing so, there's a checkbox to "Sign out connected devices after a password change." This will additionally sign out all of your devices (including any Plex Media Server you own) and require you to sign back in with your new password. This is a headache, but we recommend doing so for increased security. Plex has created a support article with step-by-step instructions on how to reset your password here.
For step-by-step instructions on how to reset your password, visit: https://support.plex.tv/articles/account-requires-password-reset