Plex has millions of users around the world, with the company explaining in an email sent out to users that they discovered suspicious activity in one of their databases.
The company started an investigation into the incident, where they discovered that someone had access to a portion of their data. Plex said that this data includes users' emails, usernames, and their encrypted passwords and even though the account passwords could've been accessed, Plex says that they "were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset".
Plex says that users should rest assured that their credit card and other payment details aren't stored on their servers, and were "not vulnerable in this incident". The company is now requiring that all of its users reset their passwords immediately, and to address the issue at hand -- how the hacker got access to Plex's systems -- they're working through all of their security systems and further hardening them to prevent further incidents.
Plex said in an email to users: "Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident".
"Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident".
"Long story short, we kindly request that you reset your Plex account password immediately. When doing so, there's a checkbox to "Sign out connected devices after password change." This will additionally sign out all of your devices (including any Plex Media Server you own) and require you to sign back in with your new password. This is a headache, but we recommend doing so for increased security. We have created a support article with step-by-step instructions on how to reset your password here".