You’ve likely heard of Plex, especially if you own a NAS and enjoy media streaming. If not, it’s the most popular media server app and service available on everything, including the kitchen sink. The company just alerted customers to a “potential security breach,” so here’s everything you need to know.
What happened?
On August 24, 2022, Plex sent out an email alert to customers. This alert contained information on a potential security breach detected by the company on one of its databases. This database contains email addresses, passwords, and usernames. According to Plex, only a limited subset of this data was available to a third party.
Passwords are stored in the database as hashes rather than in plain text, and while it’s unlikely your account will be compromised, Plex is requesting all customers change passwords immediately. There’s a handy guide on the Plex website with additional details.
Plex is currently investigating the breach but has noted the means of access have already been addressed.
“We’ve already addressed the method that this third-party employed to gain access to the system, and we’re doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions. While the account passwords were secured in accordance with best practices, we’re requiring all Plex users to reset their password.”
Plex
Data breaches can sometimes happen. Even with the best security practices adhered to, companies can fall victim to such attacks as more malicious parties get online to try and obtain data through illegal methods. Plex appears to be taking a proactive stance and this notice is a great step in ensuring customers feel safe using the service.
What should I do?
You will need to change your Plex password. Even if your account was unaffected or passwords were not obtained by malicious means, Plex is asking all account holders to do so to ensure accounts are secured. Plex offers the option to sign you out of all devices when changing the password. I recommend checking this option.
After you’ve changed your password, it’s worth considering two-factor authentication, if it’s not already enabled on your account. Better still, make sure to use a different randomly generated password for each of your accounts. I use Bitwarden and it’s brilliant for managing all my secured accounts. (Synology offers its own password manager called C2 Password.)