Plex Advising Users Change Passwords Following Data Breach

Plex is advising all users to change their passwords following a fairly substantial data breach. The streaming service and media host has begun sending out emails to customers notifying them that the compromise may have exposed sensitive information including emails, passwords, and user names.

In the email sent to users, Plex notes, “Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords.” The company has not stated whether any other user information has been exposed.

Fortunately, it does not appear as though private libraries (which could contain sensitive material) have also been breached. Nonetheless, it’s advantageous to change your password immediately. Even encrypted passwords may or may not be compromised. Additionally, financial information appears to be safe, per the company. “Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident,” Plex states.

Creator of HaveIBeenPwned Troy Hunt was amongst the many who is affected by the data breach. In response to the email, Hunt raises a fair point and states, “a 1Password generated random password and 2FA enabled makes this a mere inconvenience rather than a genuine risk.” As more and more data breaches occur, having 2FA enabled whenever possible could save from additional troubles.

Plex assures users that the cause of the breach has been discovered. “We’ve already addressed the method that this third-party employed to gain access to the system, and we’re doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions.”

The company offers steps in order to secure your account immediately. If you feel as though you’d like to activate 2FA, Plex also supports that option under the Account page.