Plex is one of the largest media server applications available, used by around 20 million people to stream self-uploaded video, audio and photos, in addition to the growing variety of content the service provides to paid subscribers. “A third party was able to access a limited subset of data that includes emails, usernames and encrypted passwords” The email states, “Yesterday, we discovered suspicious activity in one of our databases. We immediately began an investigation and it appears that a third party was able to access a limited subset of data that includes emails, usernames and encrypted passwords.” There is no confirmation that other personal account information has been compromised and no mention of private media libraries (which may or may not include pirated content, private nudes and other sensitive content) accessed during the breach. Plex reassures customers that “all account passwords that could have been accessed were hashed and secured in accordance with best practices.” Financial information also appears to be safe despite the breach, with the email saying “credit card and other payment data is not stored on our servers at all and was not vulnerable in this incident.” The cause of the breach has been found and Plex has taken steps to prevent others from taking advantage of the same security flaw. “We have already addressed the method used by this third party to gain access to the system and are conducting additional reviews to ensure that the security of all our systems is further strengthened to prevent future intrusions.” “We have already looked into the method this third party used to gain access to the system” If you have a Plex account, you should take steps to secure it immediately by following these instructions provided by the company. You should also enable 2-factor authentication if you haven’t already. Plex places the Two Factor Authentication option on your account page. Additionally, you should use either a free or paid password manager to easily manage unique, hard-to-guess passwords and 2fa codes across all your apps, services, and websites. Web browsers like Google Chrome, Microsoft Edge, and Safari have decent built-in options these days, though dedicated services are also available from Bitwarden, 1Password, and Lastpass. Some password managers will notify you of passwords that have been compromised online and auto-fill passwords when prompted by apps and websites on your computer and phone.
