SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Plex Urges Password Resets Following Data Breach

Hackers accessed emails, usernames, password hashes, and authentication data stored in a Plex database.

Popular streaming platform Plex on Monday issued an urgent warning that user information has been compromised in a data breach.

“An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords, and authentication data,” Plex said.

The streaming platform says the impact from the incident is believed to be limited, and the hackers should not be able to crack the hashed passwords, but urged users to take immediate action to secure their accounts.

“If you use a password to sign into Plex: We kindly request that you reset your Plex account password immediately by visiting https://plex.tv/reset. When doing so, there’s a checkbox to ‘Sign out connected devices after password change’, which we recommend you enable,” Plex said.

By checking the box, users will be automatically signed out of all their devices, including the Plex Media Server, and will need to sign back in using the new password. While this might seem like an inconvenience, it ensures that the attackers are signed out of any potentially compromised accounts.

Users relying on Single Sign-On to access their accounts should log out of all active sessions and also check the box for signing out of all devices.

Advertisement. Scroll to continue reading.

Plex also notes that it has blocked the attackers’ access to its systems and that it has launched internal reviews to improve security.

The company also encourages users to be wary of potential phishing attacks, including unsolicited communication from Plex impersonators.

“We remind you that no one at Plex will ever reach out to you over email to ask for a password or credit card number for payments,” the streaming platform notes.

What Plex did not say was who was behind the attack and how many users were potentially affected. SecurityWeek has emailed Plex for a statement on the matter and will update this article if the company responds.

Plex suffered a similar data breach back in 2022. 

Related: Rationalizing the Stack: The Case for Security Vendor Consolidation

Related: Through the Lens of Music: What Cybersecurity Can Learn From Joni Mitchell

Related: Meshed Cybersecurity Platforms Enable Complex Business Environments

Related: PromptLock Only PoC, but AI-Powered Ransomware Is Real

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: A Step-by-Step Approach to AI Governance
April 28, 2026

With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.

Register

Virtual Event: Threat Detection and Incident Response Summit
May 20, 2026

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

People on the Move

Neill Feather has been named Chief Executive Officer at Point Wild.

Oasis Security has appointed Michael DeCesare as President.

Sterling Wilson has joined IGEL as Global Field CTO, Business Continuity and Disaster Recovery.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.