Suspicious activity was first noticed yesterday (Tuesday, August 24th), according to an email from Plex that was sent to customers this morning. Upon closer inspection, Plex has been able to verify that an unknown third party was able to access some information on one of its databases. That data includes user names, email addresses, and encrypted passwords. While Plex assures subscribers that the potentially compromised passwords have been “hashed and secured in accordance with best practices,” it’s still erring on the side of caution. It’s also telling customers not to worry about credit card or other payment information as that category of data isn’t stored on its servers—so it wasn’t at risk in the first place. Plex members are being asked to reset their account passwords as soon as possible and to check the “Sign out connected devices after password change” box as an added precaution. And consider using two-factor authentication if it hasn’t already been turned on. The company also advised subscribers to never give passwords or credit card numbers over email to anyone claiming to be from Plex. Beyond that, the streaming service says it’s doing everything it can to shore up its defenses and strengthen security to help prevent a similar breach from happening again. While sooner is always better when responding to a potential data breach, Plex subscribers looking to reset their password may need to circle back around and try again. Some Twitter users are reporting issues with resetting, which seems to be tied to the recommended “Sign out on connected devices” selection.
