A Plex data breach in 2022 exposed usernames, email addresses, and encrypted passwords. The company required all users to change their passwords as a precaution, and now history seems to be repeating itself.
The company is again emailing users, using virtually identical wording to report a new data breach with the same data obtained …
2022:
A third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords.
2025:
An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, and securely hashed passwords.
Last time the company forced a password change on all users. So far, it does not appear to be doing so this time, though there is contradictory language in the email being sent to users.
The introduction recommends, rather than requires, a password change:
Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party. Out of an abundance of caution, we recommend you immediately reset your password by visiting https://plex.tv/reset.
Further into the email, however, it describes a password change as mandatory, with a ‘what you must do’ heading.
What you must do
We kindly request that you reset your Plex account password immediately by visiting https://plex.tv/reset. When doing so, there’s a checkbox to “Sign out connected devices after password change,” which we recommend you enable. This will sign you out of all your devices (including any Plex Media Server you own) for your security, and you will then need to sign back in with your new password. We understand that this means a little more work for you, but it will provide additional security to your account.
Compulsory or not, it is certainly a good idea.
Plex says it has already fixed the vulnerability that allowed access to the system, and it is currently carrying out further reviews of its security.