Plex sent an email out to users this morning (August 24), informing them that the company discovered the breach on August 23. Apparently there was “suspicious activity” on one of Plex’s databases, which allowed a third party access to “a limited subset of data." Plex made it clear that credit card information and other financial data isn’t stored on its servers. So your payment methods weren’t exposed, and should remain as safe as they ever were. Instead, the emphasis is on email addresses, user IDs and account passwords. While passwords were encrypted and hashed, Plex is advising its users to play it safe by resetting their passwords. The email claims this is a requirement, though it didn’t seem to be the case when I logged into my own Plex account earlier today.  There were no warnings or pop-ups that I could see, or anything that redirected me to the password settings. So I had to jump into the settings and do everything manually — not that the extra two seconds it took made much difference to my day. Plex says that it’s already addressed the issue that led to unauthorized access to its system, and is in the process of additional reviews to harden security. That way it’s a lot less likely that this situation will happen again anytime soon. Users are also being advised to activate two-factor authentication, and signing out all users following their password change.

How to change your Plex password

  1. Head to the plex.tv website.
  2. Click the three-line icon in the top right corner and select Account Settings.
  3. Scroll down to the Security section and click Edit next to password. 
  4. A list will appear asking for a new password, confirmation of the new password, and your existing password. Anyone with two-factor authentication enabled will also need to enter a verification code from their authenticator app.
  5. Tick the box saying Sign out connected devices after password change followed by Save Changes.
  6. Plex will then send you an email confirming your password has been changed.

How to activate Plex two-factor authentication

  1. Open your account settings as before.
  2. Find the Two-factor Authentication option below the password field and click Edit.
  3. Click Enable then enter your password when prompted.
  4. Scan the QR code with your authenticator app of choice, or enter the on-screen code manually.
  5. Type in the verification code from the authenticator app and click the Sign out of all other servers and apps box followed by Continue.
  6. Copy the recovery keys, and store them in a safe place, when you’re finished hit Done. Taking both these measures means you’ll need to log back into Plex on all your devices, but it’s a small price to pay to keep anyone else out of your account.  Plex has also made it abundantly clear that nobody from the company will email asking for either your password or credit card information. So if you get anything of that sort, report it as spam and block the sender’s email address. Read next: Uber is the latest company to investigate a serious data breach, after a hacker appeared to gain access to internal systems

Plex just confirmed a data breach change your passwords now - 13Plex just confirmed a data breach change your passwords now - 70Plex just confirmed a data breach change your passwords now - 95Plex just confirmed a data breach change your passwords now - 51Plex just confirmed a data breach change your passwords now - 9Plex just confirmed a data breach change your passwords now - 37Plex just confirmed a data breach change your passwords now - 88