Plex has been hacked. Reset your password and don’t re-use it elsewhere

Don’t take Plex’s email from this morning lightly and change your password immediately because hackers now also have your email and username.

Requesting a password reset on Plex
You’re not re-using your compromised Plex password elsewhere, no?
  • What’s happening? Plex’s systems were breached recently, giving hackers access to “a limited subset of data” which includes user emails, usernames and encrypted passwords. The company has informed users about this via email, requesting that all users immediately change their passwords as a precaution.
  • Why care? Because many people re-use passwords across multiple services, which is a recipe for disaster. If you use your Plex password across other services, think about potential consequences in case of a breach like this one.
  • What to do? Visit Plex’s password reset request page in your browser and reset your password (Safari will recommend a long, unique password). After that, venture into Settings → Passwords on your iPhone and review security recommendations, if you see any. Using Apple’s password auditing feature, you can identify all the websites where you re-use your Plex password.

Why is Plex asking users to change their passwords?

Plex emailed users about the incident, asking them to change their passwords because hackers now have their emails, usernames and encrypted passwords.

Good thing Plex did not store passwords in an unencrypted form but that’s of little consolation because there’s no guarantee that hackers won’t break encryption and reveal everyone’s passwords. Read: 17 tips to secure your iPhone

Plex’s email reads:

Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset.

The company claims that no payment data was breached because credit card numbers are not stored on its servers. Read: How to AirPlay to your Mac

How to reset your Plex password

When resetting your password via a link provided in the email, be sure to tick a checkbox next to “Sign out connected devices after a password change.” Doing so will improve security by ensuring no Plex devices continue to use the breached password. Read: How to add secure notes to your passwords in iCloud Keychain

Plex has a support article with step-by-step instructions on how to reset your password at support.plex.tv/articles/account-requires-password-reset/.

Plex debuted in 2008 as a freeware media center software. It’s since evolved into a versatile solution for easy organization of audio, video and photos from your own collections and from online services, streaming everything to your devices.