Plex suffered a data leak and has required all users to “out of a great deal of caution” change their passwords.
Engadget reports that yesterday suspicious activity on Plex databases was detected, leading to the discovery that a third-party had gained unauthorized entry. A “limited subset of” user email addresses and passwords was accessed. Plex hashing ensured that the passwords had been protected, but it is still taking no chances.
Plex stated in a letter sent to users that it had already identified and blocked the access method to the databases. Once the review is complete, further security measures will be considered.
There’s a tutorial on how to reset your Plex password. Plex asks you to tick the “Sign out all connected devices after password changes” box for added security, while acknowledging that “this is a hassle.” Two factor authentication is available for Plex accounts and it’s highly recommended if you haven’t already used it.
Troy Hunt, the creator of Have I Been Pwned! On Twitter, Troy Hunt (Opens in new window) pointed out that since Plex requested all users to reset their passwords at the same time, they are all trying to do it. Plex’s servers have struggled to handle the overload. If you encounter an internal server problem when trying to reset your device, please be patient and try it again later. Some users report success when they don’t check the “sign out all devices” option.
