It's time to shore up your Plex account, people, as the best media streaming service has announced it's been hit with a large scale data breach. An email went out this morning to affected users explaining that on August 23 a "third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords."
Although the potentially stolen passwords would all have been obscured, the company is still saying that, "out of an abundance of caution" it is making sure all Plex accounts have their passwords reset and are recommending upgrading to two-factor authentication if that's not already in place.
As I was writing this the actual Plex website went down, with the support page stating that it was investigating a problem on its side. There's no indication that this was part of the data breach, and could potentially be down to a whole swathe of users suddenly trying to login and alter their password details. Hopefully, anyway.
There are certainly a whole bunch of users on Twitter decrying a perceived lack of preparedness for a large proportion of its users crashing the site by all going there the moment they're told to change their login details.
Plex has noted that no credit card or other payment information would have been accessed in this breach, as those aren't stored on the company's own servers, which means the hackers will have only gotten away with some encrypted passwords, emails, and usernames.
Still, now the site is back online it would certainly be worth getting your account details changed as soon as possible to prevent any potential further breaches on your side.
The company has provided a simple how to reset your password guide (opens in new tab) that is still accessible even if the site is down, as is the request password reset (opens in new tab) page. Though it does still seem to be struggling actually getting those emails out given the current status of the site infrastructure.
On the plus side, once you are logged back in you can immediately stream this absolute classic gratis.
🤓 https://t.co/3xYXo9PsAl (Availability: US) https://t.co/AiXyamHGHsAugust 23, 2022
Plex also recommends that when you alter your existing password you check the box which reads: "Sign out connected devices after password change."
This will be a royal pain in the butt when you forget all about this in a couple months' time and try and boot into some old device, only to have to try and remember what your new password might be this time around. But it will add another little layer of security because any automatically logged in device will require a fresh login next time you turn it on.