Popular media platform Plex has told users that they should change their passwords “out of an abundance of caution” after it discovered an outside party had gained access to one of its internal systems.
In a message to users, Plex said it had discovered “suspicious activity” on one of its databases on Tuesday. The company determined that a hacker had accessed “a limited subset of data” including emails, usernames, and passwords.
The company says they’ve already addressed the flaw used by the hacker to gain access to the Plex database and is conducting other reviews to ensure their systems are secure, to prevent another data breach.
Plex is instructing users to click the “Sign out connected devices after password change” checkbox when they reset their password. Doing so will sign out all connected Plex Media devices and servers, requiring users to sign back in using the new password. Plex also recommends users turn on two-factor authentication for their account if it isn’t enabled already.
Aw crap, I’m pwned in a @plex data breach. Again. I can’t do anything to *not* be in a breach like this (short of not using the service), but a @1Password generated random password and 2FA enabled makes this a mere inconvenience rather than a genuine risk. pic.twitter.com/XetB3IGUh3
— Troy Hunt (@troyhunt) August 24, 2022