Plex informs customers of a security breach that may have compromised account information.

A security breach may have compromised account information, including usernames, email addresses and passwords. All users are advised to change their passwords immediately, even though there is no evidence that the passwords were exposed.

Plex is one of the largest media server apps available, used by 20 million people to stream video, audio and photos they uploaded themselves, in addition to an increasing variety of content the service provides to paid subscribers.

“A third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords”

Suspicious activity on one of our databases was discovered yesterday. It appears that a third-party was able to access a limited subset of data that included emails, usernames, and passwords. There is no confirmation that any private media libraries have been accessed or that any account information has been compromised.

All account passwords that could have been accessed were hashed and secured, according to the company. Credit card and other payment data are not stored on our server at all and were not vulnerable in the incident.

Plex has taken action to prevent other people from taking advantage of the same security flaw that caused the breach. We already addressed the method that this third-party used to gain access to the system, and we are doing more reviews to make sure the security of all of our systems is further hardened to prevent future incursions.

“We’ve already addressed the method that this third-party employed to gain access to the system”

You should follow the instructions provided by the company if you have a Plex account. If you haven't enabled two-factor authentication already, you should. Under your account page, there is a Two-Factor Authentication option.

You should use either a free or paid password manager to easily manage unique, difficult-to-guess passwords and 2FA codes. Dedicated services are available from the likes of Bitwarden, 1Password, and LastPass, as well as built-in options in some browsers. Password managers will let you know if your passwords have been compromised online and if you have to fill them out.