IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Plex confirms passwords, emails stolen in “limited” data breach

The video streaming giant is requiring all users to reset their passwords in case the stolen hashed passwords can be cracked

Video on-demand service Plex has notified its customers of a data breach in which email addresses, encrypted passwords, and usernames were stolen by a third party.

Customers were told that the company spotted “suspicious activity" on one of its databases on Wednesday 23 August, but believes the actual impact of the incident to be “limited”.

The cyber criminals were able to access a “limited subset” of the data on the database, it said, including a list of hashed passwords. It added that, out of an abundance of caution, it is now asking Plex users to reset their passwords.

Payment details, such as credit card information, are not affected as part of the attack, the company said, adding this type of information is not stored on its servers.

Plex did not detail how the attackers gained access to its systems but said it knows how they were able to get in and has now worked to fix that issue. The company also assured customers that it was conducting additional reviews into the security of its systems to prevent further intrusions.

“We sincerely apologise to you for any inconvenience this situation may cause,” said Plex in the breach notification, seen by IT Pro. “We take pride in our security system and want to assure you that we are doing everything we can to swiftly remedy this incident and prevent future incidents from occurring.

“We are all too aware that third parties will continue to attempt to infiltrate IT infrastructures around the world, and rest assured we at Plex will never be complacent in hardening our security and defences.”

Users have also reported that Plex's website is unreachable and, at the time of writing, its website is returning a Cloudflare Error 522, which occurs when the connection between the website and the content delivery network itself times out. It's currently unclear whether this incident is related to the data breach.

The company has been praised by those in the cyber security community for the speed with which it disclosed the incident. US-based companies are not bound by legislation like the GDPR and rarely disclose data breaches as swiftly as EU-based companies.

IT Pro has contacted Plex for additional information on the breach.

Related Resource

Escape the ransomware maze

Conventional endpoint protection tools just aren’t the best defence anymore

Whitepaper cover with overhead image of a man sat at a deska with a computer in the centre of a maze in the shadowsFree Download

Plex users have been advised to reset their passwords “immediately” to prevent any potential account compromise.

Users have also been encouraged to select the option to sign out of all devices connected to the account, a one-click option available during the password reset process.

The media company has recommended enabling two-factor authentication (2FA) as an additional precaution, if users do not have this enabled already.

“This is a headache, but we recommend doing so for increased security,” it said.

Featured Resources

2023 Strategic roadmap for data security platform convergence

Capitalise on your data and share it securely using consolidated platforms

Free Download

The 3D trends report

Presenting one of the most exciting frontiers in visual culture

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Most Popular

What's powering Britain’s fibre broadband boom?
Network & Internet

What's powering Britain’s fibre broadband boom?

3 Feb 2023
Dutch hacker steals data from virtually entire population of Austria
data breaches

Dutch hacker steals data from virtually entire population of Austria

26 Jan 2023
Yandex data breach reveals source code littered with racist language
data breaches

Yandex data breach reveals source code littered with racist language

30 Jan 2023