Skip to main content

Plex breach exposes usernames, emails, and encrypted passwords

Plex breach exposes usernames, emails, and encrypted passwords

/

Change your password now

Share this story

plex logo
Plex informs customers of a security breach that may have compromised account information.
Image: Plex

Streaming media platform Plex sent out an email to its customers earlier today notifying them of a security breach that may have compromised account information, including usernames, email addresses, and passwords. While Plex’s message says “all account passwords that could have been accessed were hashed and secured in accordance with best practices,” it is still advising all users to change their passwords immediately.

Plex is one of the largest media server apps available, used by around 20 million people to stream video, audio, and photos they upload themselves in addition to an increasing variety of content the service provides to paid subscribers.

“A third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords”

The email states, “Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords.” There is no indication any other personal account information has been compromised, and there’s no mention of access to private media libraries (which may or may not include pirated content, private nudes, and other sensitive content) having been accessed in the breach.

Plex’s email also reassures customers that financial information appears to be safe despite the breach, stating, “credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident.”

The cause of the breach has been found, and Plex says it has taken action to prevent others from taking advantage of the same security flaw. “We’ve already addressed the method that this third-party employed to gain access to the system, and we’re doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions.”

“We’ve already addressed the method that this third-party employed to gain access to the system”

If you have a Plex account, you should take steps to secure it immediately, following these instructions provided by the company. You should also enable two-factor authentication if you haven’t already. Plex puts the two-factor authentication option under your Account page. 

Additionally, you should be using either a free or paid password manager to easily manage unique, difficult-to-guess passwords and 2FA codes across all your apps, services, and sites. Web browsers such as Google Chrome, Microsoft Edge, and Safari have decent built-in options these days, though dedicated services are also available from the likes of Bitwarden, 1Password, and LastPass. Some password managers will alert you to passwords that have been breached online and autofill passwords when prompted by apps and websites on your desktop and phone.

Update August 24th, 10:14AM ET: Updated clarify that while passwords were included in the data that was potentially accessed, Plex claims they were “hashed and secured in accordance with best practices.”

Today’s Storystream

Feed refreshed Two hours ago Striking out

E
External Link
Emma RothTwo hours ago
California Governor Gavin Newsom vetoes the state’s “BitLicense” law.

The bill, called the Digital Financial Assets Law, would establish a regulatory framework for companies that transact with cryptocurrency in the state, similar to New York’s BitLicense system. In a statement, Newsom says it’s “premature to lock a licensing structure” and that implementing such a program is a “costly undertaking:”

A more flexible approach is needed to ensure regulatory oversight can keep up with rapidly evolving technology and use cases, and is tailored with the proper tools to address trends and mitigate consumer harm.


A
Youtube
Andrew WebsterSep 24
Look at this Thing.

At its Tudum event today, Netflix showed off a new clip from the Tim Burton series Wednesday, which focused on a very important character: the sentient hand known as Thing. The full series starts streaming on November 23rd.


A
The Verge
Andrew WebsterSep 24
Get ready for some Netflix news.

At 1PM ET today Netflix is streaming its second annual Tudum event, where you can expect to hear news about and see trailers from its biggest franchises, including The Witcher and Bridgerton. I’ll be covering the event live alongside my colleague Charles Pulliam-Moore, and you can also watch along at the link below. There will be lots of expected names during the stream, but I have my fingers crossed for a new season of Hemlock Grove.


A
Andrew WebsterSep 24
Looking for something to do this weekend?

Why not hang out on the couch playing video games and watching TV. It’s a good time for it, with intriguing recent releases like Return to Monkey Island, Session: Skate Sim, and the Star Wars spinoff Andor. Or you could check out some of the new anime on Netflix, including Thermae Romae Novae (pictured below), which is my personal favorite time-traveling story about bathing.


A screenshot from the Netflix anime Thermae Romae Novae.
Thermae Romae Novae.
Image: Netflix
J
Twitter
Jay PetersSep 23
Twitch’s creators SVP is leaving the company.

Constance Knight, Twitch’s senior vice president of global creators, is leaving for a new opportunity, according to Bloomberg’s Cecilia D’Anastasio. Knight shared her departure with staff on the same day Twitch announced impending cuts to how much its biggest streamers will earn from subscriptions.


T
Twitter
Tom WarrenSep 23
Has the Windows 11 2022 Update made your gaming PC stutter?

Nvidia GPU owners have been complaining of stuttering and poor frame rates with the latest Windows 11 update, but thankfully there’s a fix. Nvidia has identified an issue with its GeForce Experience overlay and the Windows 11 2022 Update (22H2). A fix is available in beta from Nvidia’s website.


A
External Link
If you’re using crash detection on the iPhone 14, invest in a really good phone mount.

Motorcycle owner Douglas Sonders has a cautionary tale in Jalopnik today about the iPhone 14’s new crash detection feature. He was riding his LiveWire One motorcycle down the West Side Highway at about 60 mph when he hit a bump, causing his iPhone 14 Pro Max to fly off its handlebar mount. Soon after, his girlfriend and parents received text messages that he had been in a horrible accident, causing several hours of panic. The phone even called the police, all because it fell off the handlebars. All thanks to crash detection.

Riding a motorcycle is very dangerous, and the last thing anyone needs is to think their loved one was in a horrible crash when they weren’t. This is obviously an edge case, but it makes me wonder what other sort of false positives we see as more phones adopt this technology.


A
External Link
Ford is running out of its own Blue Oval badges.

Running out of semiconductors is one thing, but running out of your own iconic nameplates is just downright brutal. The Wall Street Journal reports badge and nameplate shortages are impacting the automaker's popular F-series pickup lineup, delaying deliveries and causing general chaos.

Some executives are even proposing a 3D printing workaround, but they didn’t feel like the substitutes would clear the bar. All in all, it's been a dreadful summer of supply chain setbacks for Ford, leading the company to reorganize its org chart to bring some sort of relief.