Particle.news
Download on the App Store
11 ARTICLES
·
last wk.

Plex Urges Password Resets After New Breach Exposes Emails, Usernames, Hashed Passwords

The company says it contained the intrusion, with no payment card data stored or compromised.

array of Plex channels
Image
To protect yourself, even if you weren't notified of being affected, it's a good idea to change your password and make sure you have 2FA enabled.
Image

Overview

  • Plex notified users that an unauthorized party accessed a limited subset of customer records from one database.
  • Exposed information includes email addresses, usernames, and securely hashed passwords, prompting immediate password changes.
  • Customers are instructed to sign out connected devices during the reset and to enable two-factor authentication, with SSO users advised to log out of all sessions.
  • Plex says it has fixed the method used to gain access and is conducting additional security reviews to harden its systems.
  • Reporters highlight similarities to a 2022 Plex incident and note the hashing algorithm has not been disclosed, raising questions about potential hash cracking.