Plex Asks Users to Reset Passwords Following Data Breach

Popular media platform Plex has asked users to change their passwords "out of an abundance of caution" after it found a third-party had gained access to one of its internal systems.

plex
In a message to all users, Plex said that after discovering "suspicious activity" on one of its databases on Tuesday, the company ascertained that a hacker had been able to access "a limited subset of data" including emails, usernames, and passwords. From the email:

Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex account to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable to this incident.

Plex is asking users to tick the checkbox "Sign out connected devices after password change," when resetting their account password. This will sign out all devices, including Plex Media Servers, and require users to sign back in with their new password. Plex also recommends enabling two-factor authentication on their Plex account if they haven't already.


Plex says it has already addressed the method that the hacker used to gain access to the database, and it is conducting additional reviews to ensure the security of its systems and prevent a similar incident occurring.

Tag: Plex

Top Rated Comments

elmateo487 Avatar
22 months ago

Are they really storing passwords? That is the highest level of incompetence. They should store the salted hash, like everyone else.
Are you really not reading the article? That is the highest level of incompetence. You should read the article, like everyone else.
Score: 22 Votes (Like | Disagree)
adrianlondon Avatar
22 months ago
I like to waste hackers' time by using the same password for everything, so on each hack they never get anything new.
Score: 18 Votes (Like | Disagree)
DFP1989 Avatar
22 months ago

Are they really storing passwords? That is the highest level of incompetence. They should store the salted hash, like everyone else.
No, they are a salted hash.
Score: 10 Votes (Like | Disagree)
contacos Avatar
22 months ago
Weird. Didn’t receive and email.
Score: 6 Votes (Like | Disagree)
chriscl Avatar
22 months ago

Likewise. Don't know if they're just getting slammed by people trying to reset their passwords or if there's another issue at play.
They are getting slammed by people trying to reset their passwords and than log back in again.

I managed to reset mine first thing this morning (I am in Germany, so CET) but I suspect as more users in Europe - and the US - get these emails, that the response time will get slower (if the sites load at all).

They also had some issues with the pw-reset link generating a message „The Token is Invalid. Please request a new one“, but if you actually did the pw change, the site accepted it (which is what happened with mine, and I was then able to log in with the new credentials).

Also, if you have not already done so, please enable 2FA. It really is worth it for the added security.
Score: 6 Votes (Like | Disagree)
dmylrea Avatar
22 months ago

I'm still unable to create a new password when provided the link to do so. I keep getting a "The token is invalid, please request a new one" error, and it's not saving or updating to the new password I'm trying to create. BOOO.
I think their systems will be a bit overwhelmed today. I am in the process of re-linking all my AppleTV boxes and the plex.tv/link site is a bit unstable also. Just need patience... :)
Score: 4 Votes (Like | Disagree)

Popular Stories

Provenance Emulator

PlayStation, GameCube, Wii, and SEGA Emulator for iPhone and Apple TV Coming to App Store

Friday April 19, 2024 8:29 am PDT by
The lead developer of the multi-emulator app Provenance has told iMore that his team is working towards releasing the app on the App Store, but he did not provide a timeframe. Provenance is a frontend for many existing emulators, and it would allow iPhone and Apple TV users to emulate games released for a wide variety of classic game consoles, including the original PlayStation, GameCube, Wii,...
iPhone 15 Pro FineWoven

Apple Reportedly Stops Production of FineWoven Accessories

Sunday April 21, 2024 6:03 am PDT by
Apple has stopped production of FineWoven accessories, according to the Apple leaker and prototype collector known as "Kosutami." In a post on X (formerly Twitter), Kosutami explained that Apple has stopped production of FineWoven accessories due to its poor durability. The company may move to another non-leather material for its premium accessories in the future. Kosutami has revealed...
Delta Feature

Delta Game Emulator Now Available From App Store on iPhone

Wednesday April 17, 2024 9:58 am PDT by
Game emulator apps have come and gone since Apple announced App Store support for them on April 5, but now popular game emulator Delta from developer Riley Testut is available for download. Testut is known as the developer behind GBA4iOS, an open-source emulator that was available for a brief time more than a decade ago. GBA4iOS led to Delta, an emulator that has been available outside of...
iPad Air 12

12.9-Inch iPad Air Now Rumored to Feature Mini-LED Display

Thursday April 18, 2024 7:37 am PDT by
The rumored 12.9-inch iPad Air that is expected to be announced in May will be equipped with a mini-LED display like the current 12.9-inch iPad Pro, according to Ross Young, CEO of research firm Display Supply Chain Consultants. The existing 10.9-inch iPad Air is equipped with a standard LCD panel, and the move to mini-LED technology for the 12.9-inch model would provide increased brightness for...