Urgent: Change Your Plex Password Now
▼ Summary
– Plex experienced a security incident where an unauthorized third party accessed a limited subset of customer data, including emails, usernames, and securely hashed passwords.
– The company recommends users immediately reset their passwords via a provided link, as a precaution despite the passwords being securely hashed and unreadable.
– Plex has already addressed the method used for unauthorized access and is conducting additional security reviews to prevent future attacks.
– Users are advised to enable the option to sign out all connected devices when resetting their password for added security.
– Plex confirms that credit card data was not compromised and encourages enabling two-factor authentication for further account protection.
We are reaching out to inform you of a recent security event that may have affected your Plex account. While we assess the actual impact to be minimal, we strongly advise taking immediate action to protect your account and personal information.
An unauthorized individual gained access to a portion of our customer data stored in one database. Although we acted quickly to contain the breach, the information involved included email addresses, usernames, and securely hashed passwords. It’s important to note that these passwords were protected using industry-standard hashing techniques, meaning they were not stored in readable form. Still, we urge all users to reset their passwords as a precautionary step. You can do so by visiting https://plex.tv/reset. Please be assured that credit card information is not stored on our servers and was not part of this incident.
Our team has already addressed the vulnerability exploited in this attack. We are conducting comprehensive security reviews and implementing additional safeguards to strengthen our systems against future threats.
To secure your account, please reset your password right away. When you do, we recommend selecting the option to “Sign out connected devices after password change.” This will log out all active sessions, including any linked Plex Media Servers, requiring you to sign back in with your new credentials. We recognize this may cause a temporary inconvenience, but it significantly enhances your account’s security.
We also encourage you to enable two-factor authentication for an added layer of protection. Remember, Plex will never contact you via email to request your password or payment details. Stay vigilant and only use official channels for account-related actions.
We sincerely apologize for any disruption this may cause. Our security protocols allowed us to identify and respond to this incident rapidly, and we are committed to maintaining the trust you place in us.
For detailed instructions on resetting your password, please visit: https://support.plex.tv/articles/account-requires-password-reset
(Source: The Verge)
