
Important Security Update: Plex Mandates Password Reset After Data Breach
If you use Plex to manage your personal media library, it’s time to take immediate action to secure your account. The company has confirmed a security breach where a third party gained unauthorized access to its systems, prompting a mandatory password reset for all users.
While the situation is serious, understanding the details can help you protect your account effectively. Here is a clear breakdown of what happened, what data was exposed, and the essential steps you need to take right now to secure your digital library.
What Happened in the Plex Security Breach?
Plex discovered suspicious activity on one of its internal systems and immediately launched an investigation. The investigation confirmed that a malicious actor was able to access a limited subset of user data.
The company has since identified and addressed the vulnerability that allowed this unauthorized access. However, as a direct result of this incident, user account information was compromised.
Here’s a look at the specific data that was exposed:
- Potentially accessed data includes emails, usernames, and encrypted passwords.
It is crucial to understand that the passwords were not stored in plain text. They were hashed and salted: each password was run through a one-way function together with a random value (the salt), which makes the original passwords extremely difficult to recover from the stored data.
Plex has also been clear about what was not accessed during this breach:
- Credit card and other payment data were not compromised, as this information is not stored on Plex’s servers.
- Access to private media libraries was not affected, and the intruder did not gain entry to the contents of your personal server.
Even with the strong password protection measures in place, the company is taking the proactive and necessary step of requiring all users to reset their passwords out of an abundance of caution.
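What "hashed and salted" means in practice, and why the reset still matters, shown as an added example that is not from Plex or the original article. The page does not say which algorithm Plex uses; scrypt from Python's standard library, its cost parameters, the record format, and the sample passwords are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import List, Optional

# Assumed cost parameters (not from the page): scrypt N=2**14, r=8, p=1.
N, R, P, DKLEN = 2**14, 8, 1, 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record 'scrypt$<salt hex>$<hash hex>'."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the record's own salt; compare in constant time."""
    scheme, salt_hex, digest_hex = record.split("$")
    if scheme != "scrypt":
        return False
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                               n=N, r=R, p=P, dklen=DKLEN)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def found_in_common_list(record: str, common: List[str]) -> bool:
    """Password-audit check: does any widely used password match this record?"""
    return any(verify_password(guess, record) for guess in common)


if __name__ == "__main__":
    # Constructed sample data: two users share a weak password, one uses a strong one.
    common = ["123456", "password", "qwerty"]
    alice = hash_password("password")
    bob = hash_password("password")
    carol = hash_password("T9#vq-Lm2!xRz8wKd")

    print("same password, same record?", alice == bob)
    print("alice matches common list?", found_in_common_list(alice, common))
    print("carol matches common list?", found_in_common_list(carol, common))
```

Two accounts with the same password get different stored records because each has its own salt, so work done against one record cannot be reused against another. A password that appears on common-password lists is still matched by the audit check, which is why the new password should be strong and unique.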
Your Immediate Action Plan: How to Secure Your Plex Account
Protecting your account requires a few simple but urgent steps. Follow this guide to ensure your Plex setup remains secure.
1. Reset Your Plex Password Immediately
Your first and most critical step is to reset your Plex password. You should have received an email from Plex with instructions. If you haven’t, you can reset it manually by visiting the Plex website.
When creating a new password, ensure it is strong, unique, and not used for any other online service. A password manager can help you generate and store complex, unique passwords for every site you use.
2. Enable Two-Factor Authentication (2FA)
Enabling two-factor authentication (2FA) is the single most effective step you can take to protect your account from unauthorized access. With 2FA active, even if someone manages to steal your password, they will be unable to log in without a second verification code from one of your trusted devices, like your smartphone. You can enable this feature in your Plex account settings under the “Account” section.
3. Sign Out of All Devices
After resetting your password and enabling 2FA, it’s wise to invalidate all previous login sessions. Plex offers a feature to “Sign out of all devices” within your account settings. This will force every device—from your TV to your smartphone—to re-authenticate with your new, more secure credentials, effectively locking out anyone who may have had prior access.
4. Be Vigilant About Phishing Scams
Following any major data breach, there is often a sharp increase in phishing attempts. Scammers may send emails pretending to be from Plex, asking you to click a link to “verify your account” or “update your information.” Do not click links in unsolicited emails. Always go directly to the official Plex website by typing the address into your browser to make any changes to your account.
By taking these decisive steps, you can secure your Plex account and continue enjoying your personal media with peace of mind.
Source: https://www.bleepingcomputer.com/news/security/plex-tells-users-to-reset-passwords-after-new-data-breach/


