Popular streaming platform Plex on Monday issued an urgent warning that user information has been compromised in a data breach.
“An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords, and authentication data,” Plex said.
The streaming platform says the impact from the incident is believed to be limited, and the hackers should not be able to crack the hashed passwords, but urged users to take immediate action to secure their accounts.
“If you use a password to sign into Plex: We kindly request that you reset your Plex account password immediately by visiting https://plex.tv/reset. When doing so, there’s a checkbox to ‘Sign out connected devices after password change’, which we recommend you enable,” Plex said.
By checking the box, users will be automatically signed out of all their devices, including the Plex Media Server, and will need to sign back in using the new password. While this might seem like an inconvenience, it ensures that the attackers are signed out of any potentially compromised accounts.
Users relying on Single Sign-On to access their accounts should log out of all active sessions and also check the box for signing out of all devices.
Plex also notes that it has blocked the attackers’ access to its systems and that it has launched internal reviews to improve security.
The company also encourages users to be wary of potential phishing attacks, including unsolicited communication from Plex impersonators.
“We remind you that no one at Plex will ever reach out to you over email to ask for a password or credit card number for payments,” the streaming platform notes.
What Plex did not say was who was behind the attack and how many users were potentially affected. SecurityWeek has emailed Plex for a statement on the matter and will update this article if the company responds.
Plex suffered a similar data breach back in 2022.
Related: Rationalizing the Stack: The Case for Security Vendor Consolidation
Related: Through the Lens of Music: What Cybersecurity Can Learn From Joni Mitchell
Related: Meshed Cybersecurity Platforms Enable Complex Business Environments
Related: PromptLock Only PoC, but AI-Powered Ransomware Is Real
