Plex allegedly hacked, emails and hashed passwords stolen

Updated on: 15 November 2023

Jurgita Lapienytė
Chief Editor

A streaming giant is asking all users to change their passwords immediately.

Twitter user Jeremi M Gosney posted a screenshot of an email he got from Plex, a popular American streaming media service.

“We discovered suspicious activity on one of our databases. We immediately began an investigation, and it does appear that a third-party was able to access a limited subset of data that included emails, usernames, and encrypted passwords,” Plex said.

Following the incident, Plex is prompting all users to reset their passwords, “even though all account passwords that could have been accessed were hashed and secured in accordance with best practices.”

Plex said it didn’t store any credit card or other payment data on its servers, so that data was not affected by the incident.

twitter

The company hasn’t publicly disclosed a breach - there’s no information about the incident on its website and social media channels. The breach notifications sent to the users include a link to an article What if Your Plex Account Requires a Password Reset?

We’ve reached out to Plex for a comment but received no immediate response. We will update the article as soon as we learn more.

Upon receiving unsettling emails, many Plex users have tried to change their passwords but learned this couldn't be done.

“So, for the sake of safety, I went ahead and logged into my account to change my password. Thing is, that didn’t work. I tried a few times, but when I submit the change password form hangs in there with a spinning icon for about 30 seconds, then I get

“Internal Server Error. Something went wrong on our end,” one user complained on a Plex forum.

Dozens of users expressed their frustration on the forum, and the company hasn’t publicly replied to any of them yet.

“Changed my password . . . logged in, all my media is missing,” another user said.