In an email to users on Wednesday, Plex announced that cybercriminals managed to access customers’ passwords, email addresses and usernames. The breach affects 15 million customers, which is nearly half of Plex’s users.
Plex urges users to change their passwords
“While the account passwords were secured in accordance with best practices, we’re requiring all Plex users to reset their password,” the streaming platform said in the email. Plex revealed that it discovered “suspicious activity” on one of their databases. After investigating the issue, the streaming platform found that a third-party entity managed to access a limited subset of data, including users’ emails, usernames, and encrypted passwords. Encrypted is the operative word here. Plex maintains that users’ password data is hashed and secured, but “out of an abundance of caution,” it is requiring all Plex accounts to initiate a password reset. If you’ve submitted your credit card information to subscribe to one of Plex premium tiers, don’t worry. According to Plex, you can breathe easy — your data is totally safe. “Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident,” Plex said. To change your Plex password, launch a private/incognito browser window. Next, go to Plex’s password reset page (opens in new tab). Enter your email address and hit “Send Instructions.” In a minute or two, you should receive an email that will give you instructions on how to proceed with the password reset process. Check Plex’s support page on how to change your password (opens in new tab) for more detailed instructions.