The Plex streaming platform warns that a “third-party” accessed user data, including email addresses and encrypted passwords. In an email sent on August 23rd, Plex states that all users should reset their password—this process should take you less than a minute, but it could save you a ton of heartache in the future.
Neither of the above options worked for my account—it seems that some users are encountering problems due to server traffic. So, here’s how to reset your Plex password the “hard” way:
- Before following these steps, try visiting Plex’s password reset page.
- If that doesn’t work, open plex.tv or app.plex.tv in your browser.
- Log in and click your user icon in the top right corner of Plex.
- Select “Account Settings.”
- Scroll down to “Password,” input a new password and confirm.
I also suggest activating two-factor authentication. It’s the option under “Password” in Plex’s “Account Settings.” And if you want to log out of Plex on all your devices, you should see an option to do so when resetting your password.
Now that your password’s reset, we can finally discuss this data breach. According to Plex, a “third-party” accessed a “limited subset of data,” including emails, usernames, and encrypted passwords. (Credit cards and other payment info were not exposed. Plex says that it doesn’t keep payment data on its servers.)
Encrypted passwords are more secure than passwords stored in plain text. Still, hackers will eventually crack this encryption. If you’ve reused your Plex password on any other websites, you need to update your password on those sites too.
This is why a password manager is so important. Password managers store all your login credentials in one place and can automatically log you into websites. They can also generate secure new passwords or warn you when existing passwords may be insecure or compromised.
We’re waiting for Plex to reveal more about the data breach. But for what it’s worth, we’re excited by Plex’s speedy response. The company didn’t wait til Friday afternoon to announce this data breach; it pushed an email to thousands of customers at 2 AM EST on a Wednesday. Frankly, this is a refreshing change of pace.