Media streaming platform Plex has once again urged its users to reset their passwords following a new data breach that exposed sensitive account information. The company confirmed that an unauthorized third party accessed a database, compromising email addresses, usernames, authentication data, and securely hashed passwords.
According to the official breach notification, Plex was able to quickly contain the incident, but the scope of exposed data raised concerns within the cybersecurity community. While the company emphasized that passwords were securely hashed in line with industry best practices, it did not disclose the specific hashing algorithm used. This omission leaves open the possibility that attackers could attempt to brute-force or crack the credentials if weak hashing methods were applied.
To protect its customers, Plex has instructed all users to reset their passwords immediately via the official reset portal at plex.tv/reset. The company also advises enabling the option to sign out connected devices after password change, which ensures that any unauthorized sessions are forcibly terminated. While this step enhances security, it will require users to log back into Plex across all devices.
For those using Single Sign-On (SSO), Plex recommends visiting plex.tv/security to log out of all active sessions and then reauthenticate. This proactive measure helps reduce the risk of attackers exploiting stolen tokens or lingering connections.
Beyond password resets, Plex is encouraging users to enable two-factor authentication (2FA) to add another layer of defense. This step ensures that even if attackers manage to obtain login credentials, they cannot gain access without the additional verification code. Plex also reminded customers that it will never request passwords or payment details via email, urging them to remain vigilant against phishing attempts that often follow major breaches.
Importantly, Plex clarified that no payment card data was compromised, since such information is not stored on its servers. The company has reportedly addressed the vulnerability that enabled the breach but did not disclose technical details, citing ongoing security reviews.
This incident marks the second major Plex data breach in recent years. In August 2022, the platform suffered an almost identical attack in which authentication data and hashed passwords were leaked. The recurrence of such breaches raises questions about Plex’s overall cybersecurity posture and whether further measures are needed to safeguard its growing user base.
Conclusion
With cyberattacks becoming increasingly frequent, the latest Plex data breach highlights the importance of proactive security practices such as strong password management, 2FA, and regular monitoring of suspicious account activity. While Plex has taken steps to contain the breach and protect its users, the recurring nature of these incidents underscores the need for greater transparency and resilience in digital platforms.
