Media streaming platform Plex is warning prospects to reset passwords after struggling a knowledge breach through which a hacker was in a position to steal buyer authentication knowledge from one in every of its databases.
In a knowledge breach notification seen by BleepingComputer, Plex says the stolen knowledge contains e-mail addresses, usernames, securely hashed passwords, and authentication knowledge.
“An unauthorized third celebration accessed a restricted subset of buyer knowledge from one in every of our databases,” reads the Plex knowledge breach notification.
“Whereas we rapidly contained the incident, info that was accessed included emails, usernames, and securely hashed passwords.”
“Any account passwords that will have been accessed had been securely hashed, in accordance with finest practices, which means they can’t be learn by a 3rd celebration.”
Plex has not shared what hashing algorithm was used, elevating the likelihood that attackers may try and crack the passwords.
Subsequently, Plex recommends that customers, out of an “abundance of warning,” reset their password at https://plex.television/reset and likewise allow the “Signal out linked gadgets after password change” possibility when doing so.
It will reset your password and log off any current connections using your personal credentials. Nonetheless, this may even require you to log in once more on any gadgets utilizing these credentials.
For these utilizing SSO to log in to Plex, the corporate recommends you log off of all lively classes by visiting https://plex.television/safety and clicking the button that claims” Signal out of all gadgets”. As soon as once more, you will have to log again into gadgets utilizing your credentials.
The corporate can be reminding customers to allow two-factor authentication for added safety and stresses that it’s going to by no means ask for passwords or bank card particulars over e-mail.
Plex says no cost card info was included within the breach, as it is not saved on its server.
The corporate says it has addressed the tactic used to breach its server, however didn’t share any additional technical particulars in regards to the assault.
BleepingComputer contacted Plex with questions in regards to the breach and can replace the article if we hear again.
This isn’t the primary time Plex customers have been pressured to reset their passwords due to a knowledge breach.
In August 2022, Plex suffered an nearly an identical knowledge breach, with authentication knowledge and hashed passwords uncovered within the assault.
46% of environments had passwords cracked, almost doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and knowledge exfiltration developments.
