Plex has been hacked, exposing usernames, emails and passwords

Media streaming platform Plex sent an email to its customers earlier today informing them of a security breach that may have compromised account information, including usernames, email addresses and passwords. Although there is no indication that encrypted passwords will be revealed, Plex advises all users to change their passwords immediately.

Plex is one of the largest media server applications available, and is used by about 20 million people to stream video, audio, and photos that they upload themselves, as well as a growing variety of content the service makes available to paid subscribers.

The email states, “Yesterday, we detected suspicious activity in one of our databases. We immediately launched an investigation and it appears that a third party was able to access a limited subset of data that includes emails, encrypted usernames and passwords.” There is no confirmation that other personal account information has been compromised, and no mention of private media libraries (which may or may not include pirated content, private nudes, and other sensitive content) that were accessed in the breach.

Plex reassures customers that “all account passwords that were accessible have been hashed and secured in accordance with best practices.” The financial information also appears to be safe despite the breach, with the email stating that “credit card and other payment data were not stored on our servers at all and were not at risk in this incident.”

The cause of the breach was found, and Plex took action to prevent others from taking advantage of the same security flaw. “We have already addressed the method this third party used to gain access to the system, and are conducting additional reviews to make sure that we strengthen the security of all our systems to prevent future incursions.”

If you have a Plex account, you should take steps to secure it immediately afterwards These instructions are provided by the company. You should too Enable two-factor authentication If you haven’t already done so. Plex places the two-factor authentication option on your account page.

In addition, you must use Either a free or paid password manager Easily manage unique, hard-to-guess passwords and 2fa codes across all your apps, services, and sites. Web browsers like Google Chrome, Microsoft Edge, and Safari have decent built-in options these days, though dedicated services from the likes of Bitwarden, 1Password, and Lastpass are also available. Some password managers will alert you to hacked passwords online and fill in the passwords automatically when applications and sites on your desktop and phone request them.