Plex, the streaming video company, notified its users earlier today of a security incident that may have stolen account information such as usernames, email addresses, and passwords. Despite the fact that Plex’s notification states that “all account credentials that may have been obtained were hashed and encrypted in line with best standards,” the company nonetheless advises all users to change their passwords immediately.
Plex is one of the most popular media server programs, with over 20 million users streaming video, music, and photographs they have uploaded themselves, as well as an expanding selection of material accessible to paying customers.
“Yesterday, we noticed unusual behavior on one of our databases,” according to the email. We launched an inquiry very once, and it seems that a third party was able to access a small portion of data, including emails, usernames, and encrypted passwords.” There is no evidence that any additional personal account information was hacked, and there is no mention of access to private media libraries (which may or may not contain pirated material, private nudes, and other sensitive stuff) being accessed as part of the attack.
Plex’s email also reassures consumers that, despite the breach, their financial information seems to be secure, noting that “credit card and other payment data are not kept on our systems at all and were not exposed in this event.”
The source of the attack has been identified, and Plex claims to have taken steps to prevent others from exploiting the same security issue. “We’ve already addressed the approach used by this third party to get access to the system, and we’re doing further checks to ensure that the security of all of our systems is toughened further to avoid future breaches.”
If you have a Plex account, you should immediately take measures to safeguard it by following the company’s guidelines. If you haven’t already, you should activate two-factor authentication. Plex has a two-factor authentication option on the Account page.
Furthermore, you should use a password manager, either free or premium, to effortlessly manage unique, difficult-to-guess passwords and 2FA codes across all of your applications, services, and websites. Web browsers like Google Chrome, Microsoft Edge, and Safari offer great built-in alternatives these days, but specialized services like Bitwarden, 1Password, and LastPass are also accessible. Some password managers will notify you if your password has been compromised online and will autofill passwords when asked by applications and websites on your desktop or phone.