Plex was hacked — security incident may have compromised your account information, here’s what to do

by

Each day brings a fresh instance of individuals seemingly lacking more productive pursuits, attempting to seize personal data from others.

Or alternatively,

Day after day, there’s an ongoing occurrence of people apparently devoid of meaningful activities, looking to siphon private details from others.

As a tech-savvy individual, I’ve got some news about my beloved Plex, the go-to home media software for many of us. Unfortunately, they’ve announced a security incident that has potentially impacted some user accounts’ information.

Even though passwords are hashed, meaning they’re transformed into a different set of characters to protect them, it’s still wise for users to occasionally update their passwords as an added layer of security.

Here’s the outline of what happened via the Plex support forums:

Recently, there’s been a security issue that might affect details related to your Plex account. Although we think the immediate consequences are minimal, it’s important for you to take some steps to further safeguard your account.

As a diligent researcher, I regret to inform you about an unfortunate incident that recently occurred. Unauthorized access was gained to a portion of our customer database by an unidentified third party. Although we swiftly secured the situation, the breach revealed certain data, such as emails, usernames, hashed passwords, and authentication details. I understand this news may cause concern, and we are taking every measure to ensure the security of your information moving forward.

We want to assure you that any passwords potentially exposed during the incident were securely hashed following best practices. This means they can’t be understood by anyone other than us. To ensure maximum account security, we suggest you follow some additional precautions (see details below). Please note that we never store credit card data on our servers, so your payment information remains safe.

According to Plex, the vulnerability leading to the unauthorized access has been resolved, and their teams are currently assessing and reinforcing other systems to make sure they remain secure.

As a researcher, I would advise the following steps for enhanced account security: Firstly, I encourage everyone to update their passwords immediately. Secondly, if Two-Factor Authentication (2FA) isn’t already enabled on your accounts, I strongly recommend activating it wherever possible. Using 2FA can significantly increase the protection of your online accounts.

If you opt for a password to access your account, remember that you may need to reset it at some point. On the other hand, if you prefer single sign-on, then you might want to log out of all devices from your account settings. The link provided by support will guide you through the steps to complete these tasks successfully.

Furthermore, Plex wants to clarify that they do not keep credit card details on their servers, ensuring that no payment information was compromised during the security incident.

As a researcher, I understand the inconvenience, but it’s crucial to respond promptly when security breaches happen on services we rely on. Thankfully, Plex appears to have been quick and vigilant in addressing both the issue and notifying its users. Here’s hoping that no users were adversely affected.

As an observer, I would encourage you to regularly check and maintain the health of your online accounts. Avoid using the same password for extended periods, opt for complex ones instead, and consider utilizing a password manager to simplify this process. Moreover, always be cautious about opening suspicious emails that claim to originate from a company or organization.

Read More

2025-09-09 16:39