The streaming multimedia platform Plex is warning customers that they need to change their passwords immediately. The company suffered a data breach during which an attacker managed to steal users’ authentication data from the database.
“An unauthorized third party gained access to a limited subset of user data from one of our databases,” the notice Plex sent to users says. “Although we quickly contained the incident, the information accessed included email addresses, usernames, and securely hashed passwords.”
It is emphasized that the passwords for the accounts that attackers may have accessed were “securely hashed in accordance with best practices,” and hackers will not be able to read them. At the same time, Plex does not specify which hashing algorithm was used.
It is also noted that payment card information was not affected, as it is not stored on the company’s servers.
Nevertheless, Plex representatives say that users should reset their passwords at https://plex.tv/reset as an additional precaution, and also enable the “Sign out connected devices after password change” option. This will reset the password and end all existing sessions that might be using potentially compromised data.
The company also reminds users to enable two-factor authentication for additional protection and emphasizes that it will never ask for passwords or payment card details via email.
Plex representatives say the company has already fixed the issue that attackers used to breach the server, but no further details about the attack are being disclosed yet.
It’s worth recalling that this is not the first time Plex users have had to reset their passwords due to a cyberattack. In August 2022, the company was hit by a nearly identical data breach. At the time, hackers managed to access the database and steal passwords, usernames, and email addresses belonging to at least 15 million people.