Media streaming platform Plex is warning clients to reset passwords after struggling a data breach by which a hacker was in a position to steal buyer authentication information from one in every of its databases.
In a data breach notification seen by BleepingComputer, Plex says the stolen information contains e mail addresses, usernames, securely hashed passwords, and authentication information.
“An unauthorized third celebration accessed a restricted subset of buyer information from one in every of our databases,” reads the Plex data breach notification.
“Whereas we rapidly contained the incident, info that was accessed included emails, usernames, and securely hashed passwords.”
“Any account passwords that will have been accessed have been securely hashed, in accordance with finest practices, which means they can’t be learn by a 3rd celebration.”
Plex has not shared what hashing algorithm was used, elevating the likelihood that attackers might try and crack the passwords.
Subsequently, Plex recommends that customers, out of an “abundance of warning,” reset their password at https://plex.television/reset and in addition allow the “Signal out related gadgets after password change” possibility when doing so.
This can reset your password and sign off any current connections using your personal credentials. Nonetheless, this can even require you to log in once more on any gadgets utilizing these credentials.
For these utilizing SSO to log in to Plex, the corporate recommends you sign off of all lively periods by visiting https://plex.television/security and clicking the button that claims” Signal out of all gadgets”. As soon as once more, you have to to log again into gadgets utilizing your credentials.
The corporate can also be reminding customers to allow two-factor authentication for added safety and stresses that it’s going to by no means ask for passwords or bank card particulars over e mail.
Plex says no cost card info was included within the breach, as it is not saved on its server.
The corporate says it has addressed the tactic used to breach its server, however didn’t share any additional technical particulars concerning the assault.
BleepingComputer contacted Plex with questions concerning the breach and can replace the article if we hear again.
This isn’t the primary time Plex customers have been pressured to reset their passwords resulting from a data breach.
In August 2022, Plex suffered an virtually similar data breach, with authentication information and hashed passwords uncovered within the assault.
46% of environments had passwords cracked, almost doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and information exfiltration tendencies.
