Popular media streaming tool Plex advises customers to change their passwords and be aware of suspicious emails after disclosing that it was recently the victim of a “security incident”.
“We have recently experienced a security incident that may potentially involve your Plex account information,” Plex told its customers in a 9 September advisory.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Keep me signed in on this device.
If you check this box before you log in, you won’t have to log back into the website next time you return, even if you close your browser and come back later.
If you check the box above before you log in, you won’t have to log back into the website next time you return, even if you close your browser and come back later.
JavaScript is required for CAPTCHA verification to submit this form.
Create free account to get unlimited news articles and more!
First Name
Last Name
Mobile
Organisation Type
By becoming a member, I agree to receive information and promotional messages from Cyber Daily.
I can opt out of these communications at any time.
For more information, please visit our
Privacy Statement.
Need help signing up? Visit the
Help Centre.
“We believe the actual impact of this incident is limited; however, action is required from you to ensure your account remains secure.”
According to Plex, an “unauthorised third party” accessed a limited amount of customer data in one of the company’s databases.
“While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords and authentication data,” Plex said.
“Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party. Out of an abundance of caution, we recommend you take some additional steps to secure your account (see details below). Rest assured that we do not store credit card data on our servers, so this information was not compromised in this incident.”
Plex said it has “addressed” the attack vector used by the threat actor and is conducting further reviews of its systems. Not all Plex users have been contacted at the time of publishing.
Many Plex users have flocked to the platform’s forum to complain of issues accessing their media servers after resetting their passwords, however.
“YOU PLEX PEOPLE! I changed my password according to YOUR instructions and now I can’t connect to my PLEX server,” one irate user said.
Another said: “Huge fail on the part of Plex.”
“They send out those notices but fail to let customers know they will have to reclaim their server. Not sure if you can even do it remotely.”
The issue appears to be similar to that many users experienced in the wake of a similar incident in August of 2022, when Plex warned users of another data breach at that time.
