What you need to know about the Plex hack

24 Aug 2022

Image: © dennizn/Stock.adobe.com

US streaming service Plex has urged all its users to change their passwords following a hack targeting its servers.

Video streaming service Plex has been hit by a hack that may have compromised user information such as passwords.

In an email to its users today (24 August), Plex said that it discovered “suspicious activity” on one of its databases yesterday. This gave hackers access to “a limited subset of data” including usernames, emails and encrypted passwords.

Plex said that all account passwords that could have been accessed were “hashed and secured in accordance with best practices”. But it is still urging all users to change their passwords immediately.

Financial information also seems to be safe, as the company reassured users that credit card and other payment data “are not stored on our servers at all and were not vulnerable in this incident”.

Plex is digital media player and streaming service that has around 20m users across the world, including in Ireland. It allows users to stream content such as video, audio and photos they upload themselves, and it is aiming to become a one-stop shop for streaming media.

While the individual or group behind the hack has not been identified, Plex said the method used to breach its system has been “addressed” and that it is conducting additional reviews to “ensure that the security of all of our systems is further hardened to prevent future incursions”.

The company has a set-by-step guide for users on how to change your Plex password, which involves choosing a strong, unique password on a private or incognito tab and signing out of other connected devices as well.

Troy Hunt, creator of the Have I Been Pwned website that lets people check if their information has been compromised in a data breach, took to Twitter to discuss his experience.

“I can’t do anything to not be [impacted] a breach like this (short of not using the service), but a 1Password-generated random password and [two-factor authentication] enabled makes this a mere inconvenience rather than a genuine risk,” he tweeted, sharing screenshots of Plex’s email to users.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain was a journalist with Silicon Republic

editorial@siliconrepublic.com