Plex Asks All Users to Change Their Passwords Due a Data Breach

pcmag.com:

Plex has suffered a data breach and is requiring all users to change their passwords "out of an abundance of caution."

As Engadget reports(Opens in a new window), suspicious activity was detected on Plex's databases yesterday, which led to the discovery of a third-party having gained unauthorized access. A "limited subset" of user email addresses, usernames, and encrypted passwords were subsequently accessed. The good news is, those passwords were hashed, but Plex isn't taking any chances, hence the requirement to pick a new password.

In a letter to users, Plex said it has already identified the method used to access the databases and stopped it from being possible again. Further security measures are going to be considered once a review is completed.

If you are a Plex user, there's a guide on how to reset your password(Opens in a new window). Plex also requests you tick the box that says "Sign out connected devices after password change" for increased security while also acknowledging they know "this is a headache." Two-factor authentication for Plex accounts is available and highly encouraged if you aren't using it already.

Troy Hunt, creator of Have I Been Pwned?(Opens in a new window), pointed out on Twitter that because Plex has requested all users reset their password, everyone is trying to do so at the same time. This has led to Plex's servers struggling and ultimately failing to cope with the load(Opens in a new window). So if you see an internal server error appear when attempting to reset, be patient and try again later. Some users have had success by not ticking the "sign out of all devices" box, though.

Sign up for What's New Now to get our top stories delivered to your inbox every morning.

This newsletter