Media streaming platform plex is warning customers to reset the password after suffering a data breech in which a hacker was able to steal the customer certification data from one of its databases.
In a data breech notification viewed by Bleepingcomputer, please stated that stolen data includes email addresses, user names, safe hashed passwords and authentication data.
The plex data reads in the breech notification, “An unauthorized third party accessed a limited subgroup of customer data from one of our databases.”
“While we quickly incorporated the incident, the information that was accessed included email, user names, and safe hashed passwords.”
“Any account passwords that have been accessed were safely with the best practices, meaning that they cannot be read by a third party.”
Please please not shared what the hashing algorithm was used, increasing the possibility that the attackers may try to crack the password.
Therefore, PLEX recommends that the user, out of “abundance of caution”, reset your password And while doing so, enable “connected devices sign out after password change” sign out connected device “.
This will reset your password and log in to any existing connection using your own credentials. However, for this you have to log in to any device using those credentials.
For those using SSOs to log in in please, the company recommends you to travel out of all active sessions by traveling And clicking on the button that says “Sign out of all equipment”. Once again, you have to log back in to the devices using your credentials.
The company is also reminding users to enable two-factor authentication for safety and it is stress that it will never ask for a password or credit card details on email.
Please say that no payment card information was included in the breech, as it is not stored on its server.
The company says it has addressed the method used to break its server, but has not shared any other technical details about the attack.
Bleepingcomputer contacted the plex with questions about Brech and will update the article if we listen back.
This is not the first time PLEX users have been forced to reset their passwords due to data breech.
In August 2022, PLEX faced almost identical data violations, which exposed certification data and hashed passwords in the attack.
The passwords broke in 46% of the atmosphere, almost doubled by 25% last year.
Picus Blue Report 2025 Now get a wider look at more conclusions on prevention, detection and data exfIs.
