Free television streaming site Plex issued a mass warning on Wednesday following a data breach in which users’ account information was compromised.
According to an email sent by the service to users, an investigation launched after staff noticed suspicious activity in one of Plex’s databases that revealed a third party had accessed a batch of user data containing emails, usernames, and encrypted passwords. Plex said no credit card information was accessed during this breach, as it does not store users’ payment information on its servers. The company said it is working to reinforce security to prevent future breaches.
“We've already addressed the method that this third-party employed to gain access to the system, and we're doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions,” Plex told users in an email Wednesday morning.
Although the breached passwords were protected by an encryption algorithm so that any would-be hackers would only see a random string of numbers and letters, Plex is requiring all users to reset their passwords before they can access the service.
The company encouraged users to select "sign out connected devices after password change” when changing passwords, and then log back into the service using their new passwords. It also encouraged users who haven’t already done so to enable more secure two-factor authentication on their accounts, and reminded users no one from the Plex would ever reach out via email to ask for their passwords or credit card information.
“We sincerely apologize to you for any inconvenience this situation may cause,” the company wrote in an email to users. “We take pride in our security system and want to assure you that we are doing everything we can to swiftly remedy this incident and prevent future incidents from occurring.”
Step-by-step instructions for resetting an account password are available at support.plex.tv/articles/account-requires-password-reset.
