Many of Plex’s customers were notified via email last night that there may have been a severe security breach that allowed account information to fall into the wrong hands. In accordance with best standards, “any account passwords that could have been accessed were hashed and protected,” according to Plex. Even while it’s comforting, you should still follow recommended practises, which include signing out of all active instances and updating your passwords.
You should change your password if you use the well-known personal media server Plex on your Xbox, PlayStation, smart TV, or pretty much any other device.
If you already use Plex, then hopefully by the time you read this, you’ve already changed your password and received the aforementioned email, allowing you to resume enjoying your great and completely legal media library without concern. Plex client apps are readily available on the Xbox and PlayStation stores, as well as a plethora of smart devices, making it a very practical way to stream your media to any device, from practically anywhere, even though Plex servers are normally installed on PCs.
Plex made it clear that “emails, usernames, and encrypted passwords” may have been accessible to a third party due to “suspicious behaviour on one of [the business’s] databases,” according to the company. Personal account information, including the contents of media libraries, is probably safe, according to the cited source. In order to prevent further instances, Plex asserts that it has “addressed the approach that this third party exploited to obtain access to the system” and is currently assessing the security of all of its systems.
You should definitely use a password manager if you aren’t already doing so, and even though two-factor authentication is annoying, it can help prevent worst-case scenarios in the wake of security scares like this, as The Verge suggests in their reporting on the incident.
It’s possible that some individuals haven’t received this really crucial email. I would belong to that group. Trips across Reddit indicate that some others might also be unaware, so if you have friends who use Plex, gently prod them to change their passwords.