Plex, one of the most popular media streaming platforms, has issued a warning to its global users after discovering a new data breach. The company is urging all customers to reset their passwords immediately to protect their accounts from potential misuse.
According to the breach notification, an unauthorized hacker gained access to a database containing user information. The stolen data includes email addresses, usernames, and hashed passwords. Although Plex reassured customers that the passwords were encrypted and not stored in plain text, the company emphasized the importance of resetting them as a safety measure.
It was revealed that a third party accessed a limited portion of customer data. This included essential details such as usernames and email addresses, along with authentication data.
The good news is that the exposed passwords were securely hashed, which means they were scrambled using cryptographic methods. As per official statement these passwords cannot be directly read by attackers. However, the company did not disclose which hashing algorithm was used. Some weaker hashing algorithms can be cracked using brute force or dictionary attacks, which is why experts recommend users to reset passwords immediately.
It is strongly advised for customers to reset their passwords without delay. Here’s what users need to do:
-
Reset your password by visiting https://plex.tv/reset
-
Select “Sign out connected devices after password change” to ensure all previously logged-in sessions are disconnected. This will force all devices to require the new password.
- For those using Single Sign-On (SSO), Plex recommends logging out of all active sessions manually through https://plex.tv/security
- After these steps, users will need to log in again on all devices, such as smart TVs, mobile apps, and streaming boxes.
Additionally, it is advised to enable two-factor authentication (2FA). This extra layer of security helps prevent attackers from gaining access even if they manage to guess or crack the password.
Plex clarified several key points to reduce user concerns:
-
No payment card data was exposed in the breach since Plex does not store credit card details on its servers.
-
The company acted quickly to contain the security incident and fix the vulnerability that was exploited.
-
Plex reminded users that it will never ask for login details, passwords, or payment information via email, warning against phishing attempts.
Despite these reassurances, the lack of transparency about the exact method of attack or the hashing algorithm used leaves some unanswered questions.
This incident is not the first time Plex has experienced a data breach. In August 2022, the company suffered a similar attack where authentication data and hashed passwords were stolen. At that time, Plex also forced customers to reset their passwords.
The fact that this is the second major breach within three years raises concerns about the company’s overall security practices. Streaming services like Plex are attractive targets for hackers because they hold large amounts of user data, including login credentials that could be reused across different platforms.
While Plex has taken steps to secure its platform, users also need to play their part in protecting their accounts. Here are some best practices:
-
Use a unique password for Plex that is not shared with any other service.
-
Enable two-factor authentication to add an extra layer of defense.
-
Beware of phishing emails pretending to be from Plex. Always log in directly from the official website.
-
Regularly review connected devices and sign out of any that look suspicious.
-
Update passwords periodically to reduce risks of credential reuse.
Data breaches are no longer limited to banks, government agencies, or e-commerce platforms. Even entertainment and streaming services are prime targets because of the large user base and the valuable login data stored.
Stolen credentials can be sold on the dark web, used for credential stuffing attacks, or exploited to access other accounts if users reuse the same passwords across multiple platforms. This is why request for password resets is not just precautionary—it is a necessary step to prevent future damage.
The latest data breach is a reminder that cybersecurity is an ongoing battle. While Plex moved quickly to contain the issue and reassure users, the fact that this is the second breach in recent years highlights the importance of stronger and more transparent security measures.
For users, the best defense is to reset passwords immediately, enable two-factor authentication, and remain alert against phishing attempts.
As cybercriminals continue to target streaming platforms, taking these proactive steps can help keep personal data safe. Users are advised not to delay these actions to ensure their accounts remain secure.
Interesting Article : Sitecore CVE-2025-53690: CISA Warns of Critical Flaw Allowing Remote Code Execution
Pingback: Microsoft Patch Tuesday September 2025 Including CVSS 10.0 Azure Flaw