Media streaming platform Plex is warning clients to reset passwords after struggling an information breach by which a hacker was in a position to steal buyer authentication information from certainly one of its databases.
In an information breach notification seen by BleepingComputer, Plex says the stolen information contains electronic mail addresses, usernames, securely hashed passwords, and authentication information.
“An unauthorized third get together accessed a restricted subset of buyer information from certainly one of our databases,” reads the Plex information breach notification.
“Whereas we shortly contained the incident, info that was accessed included emails, usernames, and securely hashed passwords.”
“Any account passwords which will have been accessed had been securely hashed, in accordance with finest practices, that means they can’t be learn by a 3rd get together.”
Plex has not shared what hashing algorithm was used, elevating the likelihood that attackers might try to crack the passwords.
Due to this fact, Plex recommends that customers, out of an “abundance of warning,” reset their password at https://plex.television/reset and likewise allow the “Signal out linked units after password change” possibility when doing so.
This can reset your password and sign off any current connections using your personal credentials. Nonetheless, this may even require you to log in once more on any units utilizing these credentials.
For these utilizing SSO to log in to Plex, the corporate recommends you sign off of all lively periods by visiting https://plex.television/safety and clicking the button that claims” Signal out of all units”. As soon as once more, you will have to log again into units utilizing your credentials.
The corporate can be reminding customers to allow two-factor authentication for added safety and stresses that it’s going to by no means ask for passwords or bank card particulars over electronic mail.
Plex says no cost card info was included within the breach, as it isn’t saved on its server.
The corporate says it has addressed the tactic used to breach its server, however didn’t share any additional technical particulars in regards to the assault.
BleepingComputer contacted Plex with questions in regards to the breach and can replace the article if we hear again.
This isn’t the primary time Plex customers have been pressured to reset their passwords due to an information breach.
In August 2022, Plex suffered an virtually an identical information breach, with authentication information and hashed passwords uncovered within the assault.
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration developments.
