Plex, the popular media streaming platform, recently issued a vital warning. It urges customers to reset their passwords immediately. This action follows a data breach. An unauthorized party accessed one of its databases. This incident impacts customer authentication data.
The breach compromised several data types. These include email addresses, usernames, and securely hashed passwords. Authentication data was also stolen. Notably, Plex stated that any accessed passwords were securely hashed. This practice makes them unreadable by a third party. However, the specific hashing algorithm was not shared. Therefore, there is a possibility that attackers might attempt to crack these passwords.
Plex strongly recommends users reset their password. Visit plex.tv/reset to do this. Additionally, enable the “Sign out connected devices after password change” option. This step is crucial. It will log out any existing connections using your credentials. Consequently, you will need to log in again on all your devices. This measure offers enhanced security.
For those using Single Sign-On (SSO) for Plex, the advice differs slightly. You should log out of all active sessions. Navigate to plex.tv/security and click the “Sign out of all devices” button. Again, you will need to re-authenticate on all devices. Furthermore, Plex reminds everyone to enable two-factor authentication (2FA). This adds an extra layer of protection. Remember, Plex will never ask for passwords or credit card details via email.
Thankfully, no payment card information was included in the breach. Plex does not store such data on its servers. The company states it has addressed the method used for the breach. However, further technical details about the attack remain undisclosed. This incident is not the first for Plex users.
In fact, in August 2022, Plex experienced an almost identical data breach. That past event also exposed authentication data and hashed passwords. Such occurrences highlight a growing trend in cybersecurity. Password cracking, for instance, has seen a significant increase. Therefore, using strong, unique passwords for every service is essential. Enabling 2FA remains one of the best defenses against unauthorized access.