Streaming media platform Plex sent out an email to its customers today, notifying them of a security breach that may have compromised account information, including usernames, email addresses, and passwords. Although there is no indication that the encrypted passwords have been exposed, Plex still advises all users to change their passwords immediately.
Plex is one of the largest media server apps available, used by around 20 million people to stream videos, audio, and photos that they upload themselves, in addition to a growing variety of content that the service offers to paid subscribers.
The email reads: “Yesterday we detected suspicious activity in one of our databases. We immediately launched an investigation and it appears that a limited subset of data, including emails, usernames and encrypted passwords, was accessed by a third party.” There is no confirmation that other personal account information was compromised, and there is none Mention of private media libraries (which may or may not contain pirated content, private nude pictures, and other sensitive content) accessed in the breach.
Plex assures customers that “all accessible account passwords have been hashed and secured according to best practices.” Financial information also appears to be safe despite the breach, as the email states, “Credit card and other payment details are not stored on our servers at all and were not compromised in this incident.”
The source of the breach has been identified and Plex has taken action to prevent others from exploiting the same vulnerability. “We have already addressed the method used by this third party to gain access to the system and we are conducting additional checks to ensure that the security of all our systems is further enhanced to prevent future attacks. “
If you have a Plex account, you should take steps to secure it immediately afterwards these company instructions. You should too Enable 2-factor authentication if you haven’t already. Plex adds two-factor authentication option on your account page.
In addition, you should use either a free or paid password manager to easily manage unique, hard-to-guess passwords and 2FA codes for all your apps, services and websites. Web browsers like Google Chrome, Microsoft Edge, and Safari have decent built-in options these days, although dedicated services from Bitwarden, 1Password, and LastPass are also available. Some password managers will warn you about passwords that have been hacked online and will automatically fill in passwords when prompted by apps and websites on your desktop and phone.