Skip to main content

Plex data breach crashed the service as users flocked to change their passwords

Plex support page
(Image credit: Plex)
Audio player loading…

It's time to shore up your Plex account, people, as the best media streaming service has announced it's been hit with a large scale data breach. An email went out this morning to affected users explaining that on August 23 a "third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords."

Although the potentially stolen passwords would all have been obscured, the company is still saying that, "out of an abundance of caution" it is making sure all Plex accounts have their passwords reset and are recommending upgrading to two-factor authentication if that's not already in place.

As I was writing this the actual Plex website went down, with the support page stating that it was investigating a problem on its side. There's no indication that this was part of the data breach, and could potentially be down to a whole swathe of users suddenly trying to login and alter their password details. Hopefully, anyway.

There are certainly a whole bunch of users on Twitter decrying a perceived lack of preparedness for a large proportion of its users crashing the site by all going there the moment they're told to change their login details.

Plex has noted that no credit card or other payment information would have been accessed in this breach, as those aren't stored on the company's own servers, which means the hackers will have only gotten away with some encrypted passwords, emails, and usernames.

Still, now the site is back online it would certainly be worth getting your account details changed as soon as possible to prevent any potential further breaches on your side. 

The company has provided a simple how to reset your password guide (opens in new tab) that is still accessible even if the site is down, as is the request password reset (opens in new tab) page. Though it does still seem to be struggling actually getting those emails out given the current status of the site infrastructure.

On the plus side, once you are logged back in you can immediately stream this absolute classic gratis. 

See more

Plex also recommends that when you alter your existing password you check the box which reads: "Sign out connected devices after password change."

This will be a royal pain in the butt when you forget all about this in a couple months' time and try and boot into some old device, only to have to try and remember what your new password might be this time around. But it will add another little layer of security because any automatically logged in device will require a fresh login next time you turn it on.

(opens in new tab)


Best gaming monitor (opens in new tab): Pixel-perfect panels
Best high refresh rate monitor (opens in new tab): Screaming quick
Best 4K monitor for gaming (opens in new tab): High-res only
Best 4K TV for gaming (opens in new tab): Big-screen 4K PC gaming

Dave has been gaming since the days of Zaxxon and Lady Bug on the Colecovision, and code books for the Commodore Vic 20 (Death Race 2000!). He built his first gaming PC at the tender age of 16, and finally finished bug-fixing the Cyrix-based system around a year later. When he dropped it out of the window. He first started writing for Official PlayStation Magazine and Xbox World many decades ago, then moved onto PC Format full-time, then PC Gamer, TechRadar, and T3 among others. Now he's back, writing about the nightmarish graphics card market, CPUs with more cores than sense, gaming laptops hotter than the sun, and SSDs more capacious than a Cybertruck.