Plex is a popular movie and TV streaming service, with the option to play content hosted from your own personal servers. However, Plex is now sending out emails explaining user data may have been accessed by a third party.
Plex said in an email, “yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset.”
The company confirmed that credit cards and other payment information (Plex has a premium subscription available) are not affected, as Plex doesn’t store that data on its own servers at all. Plex declined to tell TechCrunch how many people are affected by the security breach, other than “the majority of accounts.” The company has also (so far) not announced the data breach on social media — Plex’s most recent tweet is promoting the show ALF.
Plex has reportedly sent an email to all Plex users with instructions for resetting their passwords, but some complained the reset link wasn’t working. There are also reports that linking a Plex account to the TV apps is broken.