What happened
Plex, the media streaming and personal media server platform, confirmed today that an unauthorized third party accessed a limited subset of customer database information—including emails, usernames, and securely hashed passwords—through a security breach. The company stated that there is no evidence of credit card data being compromised, as they do not store such information.
Plex’s response
-
Users are strongly advised to immediately reset their passwords, visiting https://plex.tv/reset, and to check the option to sign out of all connected devices after changing passwords. If users authenticate via SSO (e.g., Google or Apple), they should log out of all sessions through https://plex.tv/security.
-
Plex recommends enabling two-factor authentication (2FA) to strengthen account security.
-
Plex reassured users that the breach was contained, the vulnerability addressed, and additional security reviews are underway.
-
The company emphasized that it will never ask for passwords or payment info via email, warning users to remain vigilant against phishing.
-
Some users on the Plex forum have raised concerns that password resets may disrupt access to their Plex Media Servers, echoing similar frustrations from the 2022 breach.
