Plex has emailed its users to warn them about a security vulnerability it has discovered. While the subject line of the email refers to a potential data breach, the body talks about suspicious activity and how a third party gained access to part of the database.
The company says the data exposed included emails, usernames and encrypted passwords.
Although all passwords were secure and hashed, all Plex users are required to change their security credentials with the utmost care.
In the email, Plex says we want you to be aware of an incident yesterday that involved your Plex account information.
While we believe the actual impact of this event is limited, we want to make sure you have the right information and tools to keep your account safe.
It goes on to inform users:
Recently, we found dubious action on one of our information bases. We promptly sent off an examination and apparently an outsider had the option to get to a restricted subset of information which incorporates email usernames and encoded passwords.
They were hashed and secured according to best practices, very carefully we require all Plex accounts to reset their passwords. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this event.
The company says it is taking steps to help prevent this from happening again and requires all users to reset their passwords.
Long story short, we request you to reset your Plex account password immediately. When doing this, there is a checkbox to sign out of the connected device after changing the password. It will also sign out on all of your devices, including any of your Plex Media servers.
You should sign back in with your new secret key. It’s a headache, but we recommend doing so for better security. We’ve made a help article here with bit by bit guidelines on the most proficient method to reset your secret word.