Popular media streaming platform Plex has suffered a security breach, just like a similar incident in 2022. An unauthorized third party accessed a small subset of Plex users’ data, including email addresses, usernames, and hashed passwords. Fortunately, Plex does not store credit card information, so that data was not exposed.
Plex has quickly contained the breach and fixed the vulnerability that allowed the attack. They have sent emails to affected users, asking them to reset their passwords immediately. Users are advised to visit the official Plex password reset page to create a new password and select the option to sign out of all connected devices. This will help secure accounts from any unauthorized use.
For those who log in using Single Sign-On (SSO), Plex recommends logging out from all devices via their security page and signing back in with the new credentials. Additionally, Plex encourages users to enable two-factor authentication (2FA) for stronger protection against future attacks.
Plex assures users that their incident detection systems worked well to detect the breach early. The company is also reviewing its security measures to prevent similar events in the future. Users should be careful of phishing emails and remember that Plex will never ask for passwords or credit card numbers via email.
If a Plex user reuses their Plex password on other sites, it is wise to change those passwords too. Staying vigilant and updating passwords regularly helps keep online accounts safe.