Affiliate links on Android Authority may earn us a commission. Learn more.
You should change your Plex password right now due to potential breach
- Media server app Plex has announced a possible data breach.
- Emails, usernames, and encrypted passwords were accessed as part of the incident.
- The company is requiring a password reset for all accounts.
Plex is one of the most prominent media streaming and media server apps around, allowing you to access your personal media content over a network and offering its own streaming library as well. However, the service has just announced a “potential data breach” and is requiring a password reset for all accounts.
“We want you to be aware of an incident involving your Plex account information yesterday. While we believe the actual impact of this incident is limited, we want to ensure you have the right information and tools to keep your account secure,” the company wrote in an email sent out to some users.
The team said that it discovered suspicious activity in one of its databases yesterday:
We immediately began an investigation and it does appear that a third party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords.
The company added that it’s requiring a password reset for all accounts even though they were “hashed and secured in accordance with best practices.” Plex added that payment data isn’t stored on its servers and therefore wasn’t compromised as part of this breach. It further noted that it’s already addressed the method that was used in the breach and was conducting further security reviews.
So what else can you do about it? Well, the Plex team said you should also tick the checkbox on the password reset page that signs you out of all your devices after a password change. The company adds that users should also enable two-factor authentication and that it won’t ever ask for your password or credit card info via email.
It’s also worth noting that some Plex users on the Android Authority team haven’t received an email notifying them of the breach. We’re guessing that this alert is being sent out gradually due to the fact that the email specifically says passwords for all accounts will be reset.