Plex is one of its most popular home media server software, and it has revealed today that it has gone through a data breach of some of its users' personal data. The company has been sending out emails to alert users of what has happened and what needs to be done next.
Thankfully, no credit card information has been compromised, but the hackers have managed to compromise the system and data, including email addresses, user names, and encrypted passwords.
Plex Breach Leaks User Email Addresses and More Information. No Credit Card Information was Stolen
Here is the email that has been circulating around.
Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident.
This means that the good news is that the passwords should be safe since Plex never goes for simple, plain text passwords. However, it is still advised that you should go for a stronger password and when you are changing the password, make sure that you check the option where it lets you log out of all the other connected devices.
Needless to say, the breach was an unfortunate instance, but I do appreciate the fact that Plex was swift about the situation and managed to inform the users just in time. It is also worth noting that at the time of writing, there is no word on any serious damage.