Plex, a popular media streaming platform, is advising all customers to reset their passwords following a recent security incident. The company confirmed that a hacker gained unauthorized access to one of its databases, compromising a limited amount of user data. This stolen information includes email addresses, usernames, and securely hashed passwords. Although the passwords were encrypted, the company is taking a cautious approach and recommending that all users update their login credentials immediately to prevent further risk.
In an official notification, Plex stated that the breach was quickly contained. While the company did not disclose the specific hashing algorithm used to protect the passwords, they have confirmed that no payment card information was exposed in the attack. Plex clarified that it does not store credit card details on its servers, which is a common security practice for many online services. This incident is a stark reminder for users to remain vigilant about their online security, especially when using platforms that store personal information.
To ensure your account is secure, Plex has provided specific instructions for all users. The company is recommending that you reset your password by visiting their official password reset page. During this process, you should select the “Sign out connected devices after password change” option. This will force a logout on all devices linked to your account, requiring you to log in again with your new password. This step is crucial for invalidating any active sessions that might be compromised.
For those who use Single Sign-On (SSO) to access their Plex account, the process is slightly different. Instead of a password reset, you should go to the Plex security page and click the “Sign out of all devices” button. This action will also terminate all active sessions, requiring you to reauthenticate on each device. This ensures that any unauthorized access is immediately cut off. Plex is also using this opportunity to remind users to enable two-factor authentication (2FA) for an extra layer of protection, which can prevent unauthorized logins even if a password is stolen.
This isn’t the first time Plex has faced such a challenge. In August 2022, the company experienced a nearly identical data breach, which also resulted in the exposure of authentication data and hashed passwords. This repeated security issue highlights the ongoing struggle to protect user data in the digital age. Plex has stated that it has addressed the method used in the latest breach but has not shared any technical details. As always, users should be wary of any unsolicited emails asking for personal information, as Plex has emphasized that they will never ask for passwords or credit card details via email.
Reference:
