Plex Asks Users to Reset Passwords Following Data Breach

Popular media platform Plex has asked users to change their passwords "out of an abundance of caution" after it found a third-party had gained access to one of its internal systems.

plex
In a message to all users, Plex said that after discovering "suspicious activity" on one of its databases on Tuesday, the company ascertained that a hacker had been able to access "a limited subset of data" including emails, usernames, and passwords. From the email:

Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex account to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable to this incident.

Plex is asking users to tick the checkbox "Sign out connected devices after password change," when resetting their account password. This will sign out all devices, including Plex Media Servers, and require users to sign back in with their new password. Plex also recommends enabling two-factor authentication on their Plex account if they haven't already.


Plex says it has already addressed the method that the hacker used to gain access to the database, and it is conducting additional reviews to ensure the security of its systems and prevent a similar incident occurring.

Tag: Plex

Popular Stories

iPhone 15 Pro Cameras

iPhone 17 Pro Max Will Be First Model to Feature Three 48MP Cameras

Thursday July 11, 2024 12:20 am PDT by
Next year's iPhone 17 Pro Max will feature an upgraded 48-megapixel Tetraprism camera for enhanced photo quality and zoom functionality, according to Apple analyst Ming-Chi Kuo. In his n-iphone-tetraprism-upgrade-ca62dd37e364">latest investor note published to Medium, Kuo said the key specification change would be a 1/2.6" 48MP CIS sensor, up from the 1/3.1" 12MP sensor expected to be used...
Beyond iPhone 13 Better Blue Face ID Single Camera Hole

10 Reasons to Wait for Next Year's iPhone 17

Monday July 8, 2024 5:00 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we sometimes get rumored feature leaks so far ahead of launch. The iPhone 17 series is no different – already we have some idea of what to expect from Apple's 2025 smartphone lineup. If you plan to skip...
maxresdefault

Apple's AirPods Pro 2 vs. Samsung's Galaxy Buds3 Pro

Saturday July 13, 2024 8:00 am PDT by
Samsung this week introduced its latest earbuds, the Galaxy Buds3 Pro, which look quite a bit like Apple's AirPods Pro 2. Given the similarities, we thought we'd compare Samsung's new earbuds to the AirPods Pro. Subscribe to the MacRumors YouTube channel for more videos. Design wise, you could potentially mistake Samsung's Galaxy Buds3 Pro for the AirPods Pro. The Buds3 Pro have the same...
iPhone 16 Pro Front Update Blue

iPhone 16 Pro Rumored to Support 40W Fast Charging and 20W MagSafe

Wednesday July 10, 2024 3:57 am PDT by
Apple's forthcoming iPhone 16 Pro and iPhone 16 Pro Max will support 40W wired fast charging and 20W MagSafe charging, claims a rumor currently swirling around China. Right now, iPhone 15 and iPhone 15 Pro models are capable of up to 27W peak charging speeds with an appropriate USB-C power adapter, while official MagSafe chargers from Apple and authorized third parties can wirelessly charge...

Top Rated Comments

elmateo487 Avatar
25 months ago

Are they really storing passwords? That is the highest level of incompetence. They should store the salted hash, like everyone else.
Are you really not reading the article? That is the highest level of incompetence. You should read the article, like everyone else.
Score: 22 Votes (Like | Disagree)
adrianlondon Avatar
25 months ago
I like to waste hackers' time by using the same password for everything, so on each hack they never get anything new.
Score: 18 Votes (Like | Disagree)
DFP1989 Avatar
25 months ago

Are they really storing passwords? That is the highest level of incompetence. They should store the salted hash, like everyone else.
No, they are a salted hash.
Score: 10 Votes (Like | Disagree)
contacos Avatar
25 months ago
Weird. Didn’t receive and email.
Score: 6 Votes (Like | Disagree)
chriscl Avatar
25 months ago

Likewise. Don't know if they're just getting slammed by people trying to reset their passwords or if there's another issue at play.
They are getting slammed by people trying to reset their passwords and than log back in again.

I managed to reset mine first thing this morning (I am in Germany, so CET) but I suspect as more users in Europe - and the US - get these emails, that the response time will get slower (if the sites load at all).

They also had some issues with the pw-reset link generating a message „The Token is Invalid. Please request a new one“, but if you actually did the pw change, the site accepted it (which is what happened with mine, and I was then able to log in with the new credentials).

Also, if you have not already done so, please enable 2FA. It really is worth it for the added security.
Score: 6 Votes (Like | Disagree)
DEMinSoCAL Avatar
25 months ago

I'm still unable to create a new password when provided the link to do so. I keep getting a "The token is invalid, please request a new one" error, and it's not saving or updating to the new password I'm trying to create. BOOO.
I think their systems will be a bit overwhelmed today. I am in the process of re-linking all my AppleTV boxes and the plex.tv/link site is a bit unstable also. Just need patience... :)
Score: 4 Votes (Like | Disagree)