Media streaming service Plex has disclosed a security incident in which an unauthorized third party gained access to part of its user database.
According to Plex, the breach exposed usernames, email addresses, and hashed passwords. The company stressed that the affected passwords were securely hashed and could not be directly read by attackers. Credit card details and payment information were not compromised, as Plex does not store this data on its servers.
The company has since closed the vulnerability that was exploited and has launched further security reviews.
As a precaution, Plex is requiring all users to reset their account passwords. Users are also advised to select the option to sign out connected devices when resetting, which ensures that any unauthorized sessions are terminated.
Additional measures Plex recommends include:
- Enabling two-factor authentication for extra security.
- Being cautious of phishing attempts, as Plex will never ask for account passwords or credit card details over email.
Plex has apologised for the disruption and inconvenience caused, adding that its monitoring systems allowed it to detect and contain the incident quickly.
Users can reset their passwords via plex.tv/reset and find support instructions here.