The Plex streaming platform has experienced a security breach and is telling customers to change their passwords "immediately." They also suggest that users enable two-factor authentication and sign out of any connected devices that are currently logged in.
The company says a database was accessed by an “an unauthorized third party” and that some customers had their emails, usernames and hashed passwords exposed. As indicated, the breach involved hashed passwords, which are scrambled through an algorithm, so it's unlikely the bad actor could read them. However, this is an absolute case of "better safe than sorry."
Dammit @plex! Received to my personal email address today, not their first rodeo either: https://t.co/3HXXsOdyxy pic.twitter.com/LpfgAQPWNv — Troy Hunt (@troyhunt) September 8, 2025
Plex says credit card data is safe, which is a relief, as that information isn't stored on its servers. The company says it is currently safeguarding its data and "undergoing additional reviews to ensure that the security of all of our systems is further strengthened to prevent future attacks."