Media streaming platform Plex is warning prospects to reset passwords after struggling an information breach during which a hacker was in a position to steal buyer authentication information from certainly one of its databases.
In an information breach notification seen by BleepingComputer, Plex says the stolen information consists of e-mail addresses, usernames, securely hashed passwords, and authentication information.
“An unauthorized third social gathering accessed a restricted subset of buyer information from certainly one of our databases,” reads the Plex information breach notification.
“Whereas we shortly contained the incident, info that was accessed included emails, usernames, and securely hashed passwords.”
“Any account passwords that will have been accessed had been securely hashed, in accordance with greatest practices, which means they can’t be learn by a 3rd social gathering.”
Plex has not shared what hashing algorithm was used, elevating the likelihood that attackers may try and crack the passwords.
Due to this fact, Plex recommends that customers, out of an “abundance of warning,” reset their password at https://plex.television/reset and in addition allow the “Signal out linked gadgets after password change” choice when doing so.
This may reset your password and sign off any current connections using your personal credentials. Nevertheless, this may also require you to log in once more on any gadgets utilizing these credentials.
For these utilizing SSO to log in to Plex, the corporate recommends you sign off of all lively periods by visiting https://plex.television/safety and clicking the button that claims” Signal out of all gadgets”. As soon as once more, you will have to log again into gadgets utilizing your credentials.
The corporate can also be reminding customers to allow two-factor authentication for added safety and stresses that it’s going to by no means ask for passwords or bank card particulars over e-mail.
Plex says no cost card info was included within the breach, as it is not saved on its server.
The corporate says it has addressed the tactic used to breach its server, however didn’t share any additional technical particulars concerning the assault.
BleepingComputer contacted Plex with questions concerning the breach and can replace the article if we hear again.
This isn’t the primary time Plex customers have been compelled to reset their passwords due to a knowledge breach.
In August 2022, Plex suffered an virtually equivalent information breach, with authentication information and hashed passwords uncovered within the assault.
46% of environments had passwords cracked, practically doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration tendencies.