Ethical Hacking News
Plex has informed its users about a data breach that compromised customer authentication data, including email addresses, usernames, securely hashed passwords, and authentication data. The company is advising users to reset their passwords out of an abundance of caution and has emphasized the importance of enabling two-factor authentication for added protection.
Plex has notified its users about a data breach that compromised customer authentication data. The stolen information included email addresses, usernames, hashed passwords, and authentication data. The incident is concerning due to potential password cracking and phishing/malicious activities with exposed email addresses and usernames. Plex has advised users to reset their passwords out of caution. Users can reset passwords by visiting https://plex.tv/reset. Enabling two-factor authentication is recommended for added protection.
Plex, a popular media streaming platform, has recently informed its users about a data breach that compromised customer authentication data. According to the company's data breach notification, an unauthorized third party accessed a limited subset of customer data from one of its databases. The stolen information included email addresses, usernames, securely hashed passwords, and authentication data.
The incident is concerning for several reasons. Firstly, while Plex claims that account passwords were securely hashed in accordance with best practices, this does not necessarily mean that the hashing algorithm used by the company was secure enough to prevent password cracking. Without knowing the specific hashing algorithm employed by Plex, it remains unclear whether attackers could attempt to crack the passwords.
Secondly, the fact that hackers gained access to customer authentication data raises serious concerns about the security of user accounts. Even if the passwords themselves were hashed and not easily readable by a third party, the email addresses and usernames associated with those passwords could potentially be used for phishing or other malicious activities.
In light of these concerns, Plex has advised its users to reset their passwords out of an "abundance of caution." This is an unusual step, as most companies do not require users to reset passwords after a data breach unless the breach involves sensitive information such as credit card numbers. However, in this case, the company's recommendation suggests that they are taking a conservative approach to ensure user security.
To reset their passwords, Plex users can visit the following URL: https://plex.tv/reset. Additionally, users who use Single Sign-On (SSO) should log out of all active sessions by visiting https://plex.tv/security and clicking the "Sign out of all devices" button. This will require users to log back into their devices using their credentials.
Plex has also emphasized the importance of enabling two-factor authentication for added protection against phishing and other malicious activities. The company further stressed that it would never ask for passwords or credit card details over email, a reminder that users should always be cautious when receiving unsolicited requests for sensitive information via email.
Interestingly, Plex is not alone in facing data breaches. In August 2022, the company suffered an almost identical data breach, with authentication data and hashed passwords exposed during the attack. This incident highlights the need for companies to stay vigilant against cyber threats and take proactive steps to protect their users' personal data.
The recent data breach at Plex serves as a reminder of the importance of password security and the need for individuals to be mindful of online risks. By following the company's advice and taking steps to secure their accounts, users can help minimize the potential damage caused by data breaches like this one.
Related Information:
https://www.ethicalhackingnews.com/articles/Plex-Users-Urged-to-Reset-Passwords-Amidst-Data-Breach-Concerns-ehn.shtml
https://www.bleepingcomputer.com/news/security/plex-tells-users-to-reset-passwords-after-new-data-breach/
Published: Mon Sep 8 21:00:36 2025 by llama3.2 3B Q4_K_M
