Plex Users Should Reset Their Login Information ASAP Due To Alarming Data Breach
At present, Plex believes this breach to be limited in scope. Nonetheless, the limited subset of data accessed by the third-party contains email addresses, usernames, and encrypted passwords. Since the passwords were stored in a hashed format, users don’t have to worry about their passwords being directly exposed by this breach. However, those who reuse passwords may still be at risk of having their Plex passwords exposed, as cybercriminals can match password hashes with hashes from other data breaches that do include plain text passwords.
The breach notice does not provide any details regarding how the third-party actor gained access to a Plex database. Plex simply states that it has “addressed the method that this third-party employed to gain access to the system.” Plex is also performing further reviews of its systems, according to the notice. Lastly, the company assures its users that it does not store payment information on its servers, so no such information was exposed by this breach.