Plex confirms massive data breach and triggers password reset

The media streaming service Plex has informed users of a serious data breach that has compromised personal information.

The platform, which is popular among cord-cutters and those with a large library of downloaded content, e-mailed users advising them to reset passwords following the attack which took advantage of a security flaw.

While usernames and email addresses were exposed, Plex says the passwords stolen were all hashed and encrypted limiting the possibility for exposure. The company says it followed best practice for encryption. Credit card information and payment data was not part of the breach, Plex assures.

“Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords,” it wrote in the correspondence to subscribers.

Plex says it has plugged the security issue that enabled hackers to compromise users’ data and is going to extra lengths to ensure its defences are tight.

The company added: “We’ve already addressed the method that this third-party employed to gain access to the system, and we’re doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions.”

While the chances of the accounts being cracked are low due to the password hashing, it’s always best to turn on on two factor authentication when available – as it is with Plex – or use a password manager to generate secure passwords.

If you haven’t already, you can change your password via the instructions detailed here.