Plex is advising all users to change their passwords following a fairly large data breach. The streaming service and media host began sending emails to customers notifying them that the compromise may have exposed sensitive information, including emails, passwords and usernames.
In the email sent to users, Plex notes: “Yesterday we discovered suspicious activity on one of our databases. We immediately launched an investigation and it appears that a third party was able to access a limited subset of data including encrypted emails, usernames and passwords. The company did not say if any other user information was exposed.
Fortunately, it does not appear that any private libraries (which may contain sensitive material) have also been hacked. Nevertheless, it is advantageous to change your password immediately. Even encrypted passwords may or may not be compromised. Additionally, financial information appears to be safe, according to the company. “Rest assured that credit card and other payment data is not stored on our servers at all and was not vulnerable in this incident,” Plex says.
Creator of I was taken Trojan Hunt was among many affected by the data breach. In response to the email, Hunt makes a fair point and says: “a 1Password random password generated and 2FA enabled make this a mere inconvenience rather than a real risk. As more and more data breaches occur, enabling 2FA whenever possible could prevent additional problems.
Aw shit, I’m pwned in a @plex data breach. Still. There’s nothing I can do to *not* be in an offense like this (unless I’m not using the service), but a @1Password random password generated and 2FA enabled make this a mere inconvenience rather than a real risk. pic.twitter.com/XetB3IGUh3
— Troy Hunt (@troyhunt) August 24, 2022
Plex assures users that the cause of the breach has been discovered. “We have already addressed the method used by this third party to gain access to the system, and we are conducting additional reviews to ensure that the security of all of our systems is further tightened to prevent future incursions.”
The company offers steps to secure your account immediately. If you want to enable 2FA, Plex also supports this option under the Account page.