 (2).png){kind=logo}
3 days ago
2
The Plex media streaming level has been breached successful what looks to beryllium a repetition of a 2022 incident that saw authentication information and encrypted passwords compromised. The institution is urging users to change their password, alteration two-factor authentication, and motion retired of immoderate connected devices that mightiness already beryllium logged in.
In an email sent to users titled “Action required: Notice of a imaginable information incident,” Plex says a database was accessed by “an unauthorized 3rd party” exposing emails, usernames, and hashed passwords for a “limited subset” of customers. Because the passwords were securely hashed, they can’t beryllium easy work by the attacker, but Plex urges users to alteration them anyway. Plex says recognition paper information wasn’t exposed due to the fact that it’s not stored connected its servers.
Here’s the afloat email sent to Plex users this morning:
We person precocious experienced a information incidental that whitethorn perchance impact your Plex account information. We judge the existent interaction of this incidental is limited; however, enactment is required from you to guarantee your relationship remains secure.
What happened
An unauthorized 3rd enactment accessed a constricted subset of lawsuit information from 1 of our databases. While we rapidly contained the incident, accusation that was accessed included emails, usernames, and securely hashed passwords.
Any relationship passwords that whitethorn person been accessed were securely hashed, successful accordance with champion practices, meaning they cannot beryllium work by a 3rd party. Out of an abundance of caution, we urge you instantly reset your password by visiting https://plex.tv/reset. Rest assured that we bash not store recognition paper information connected our servers, truthful this accusation was not compromised successful this incident.
What we’re doing
We’ve already addressed the method that this 3rd enactment utilized to summation entree to the system, and we’re undergoing further reviews to guarantee that the information of each of our systems is further hardened to forestall aboriginal attacks.
What you indispensable do
We kindly petition that you reset your Plex account password instantly by visiting https://plex.tv/reset. When doing so, there’s a checkbox to “Sign retired connected devices aft password change,” which we urge you enable. This volition motion you retired of each your devices (including any Plex Media Server you own) for your security, and you volition past request to motion backmost successful with your caller password. We recognize that this means a small much enactment for you, but it volition supply further information to your account.
Additional Security Measures You Can Take
We punctual you that no 1 at Plex will ever scope retired to you implicit email to inquire for a password oregon recognition paper fig for payments. For further relationship protection, we besides urge enabling two-factor authentication on your Plex account if you haven’t already done so.
Lastly, we sincerely apologize for immoderate inconvenience this concern whitethorn origin you. We instrumentality pridefulness successful our information systems, which helped america rapidly observe this incident, and we privation to guarantee you that we are moving swiftly to forestall imaginable aboriginal incidents from occurring.
For step-by-step instructions connected however to reset your password, visit:https://support.plex.tv/articles/account-requires-password-reset
Thank you,
The Plex Team
.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp)
.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp)
English (US) ·