Plex advises users to update their passwords following a data breach and encourages server owners to upgrade for improved SEO.

Plex, the media streaming company, has recently experienced a data breach and is urging its users to reset their account passwords and enable two-factor authentication. An announcement on the company’s forums and via email revealed that an unauthorised third party accessed a limited subset of customer data from one of their databases. The compromised information included emails, usernames, securely hashed passwords, and authentication data. Users are advised to reset their Plex account passwords immediately, sign out of all devices, and sign back in with the new password. Those using single sign-on (SSO) should also follow the signing-out process before logging back in.

Additionally, Plex has indicated that server owners must claim their servers again and may need to update them due to adjustments made that temporarily prevent regular users from connecting to any Plex server they have access to. This measure is in response to many Plex Media Server instances not being updated to version 1.42.1, which addresses a vulnerability that could be exploited by authenticated users. While Plex has assured users that no credit card data was accessed, they have warned that the stolen data could be used for phishing attempts. Users are reminded that Plex will never request passwords or credit card information via email. 

Categories: Data Breach, User Security, Software Vulnerability 

Tags: Data Breach, Plex, Password Reset, Two-Factor Authentication, User Data, Media Server, Vulnerability, Phishing Attempts, Authentication Data, Server Update