Streaming media platform Plex sent out an email to its customers earlier today notifying them of a security breach that may have compromised account information, including usernames, email addresses, and passwords. While Plex’s message says “all account passwords that could have been accessed were hashed and secured in accordance with best practices,” it is still advising all users to change their passwords immediately.
Plex is one of the largest media server apps available, used by around 20 million people to stream video, audio, and photos they upload themselves in addition to an increasing variety of content the service provides to paid subscribers.
The email states, “Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords.” There is no indication any other personal account information has been compromised, and there’s no mention of access to private media libraries (which may or may not include pirated content, private nudes, and other sensitive content) having been accessed in the breach.
Source: Plex was compromised, exposing usernames, emails, and passwords – The Verge