Plex suffered a hacker attack in the past few hours that caused the theft of a lot of sensitive data, including usernames, email addresses and passwords. Fortunately, at least the passwords were encrypted, but in its notification email Plex still suggests changing them, just to be safe. According to the latest statistics, the platform has 20 million active users; it is not clear how many of them are involved.
For the moment, there are not too many details about the attack itself: the company simply says that it observed suspicious activity in one of its databases, and that it seems that a foreign entity has had access to the data it contained. Plex says it has identified the flaw which has allowed the intruder to access its servers, have it already fixed, and have initiated a process of reviewing all systems to ensure that they are able to repel future attacks.
A rather important detail on which Plex, which recently distributed the Discover function to orient itself among the streaming services, has not expressed itself regarding the multimedia libraries of users, which can be synchronized via the cloud and can include very private and compromising content (think photos and videos). The fact that libraries are not mentioned in the email can inspire cautious optimism. As for credit card data and various payment methods, Plex specifies that they are not saved on its servers and therefore from this point of view the risks are zero.
According to official information from Plex, to reset the password of your account is sufficient:
- Open an incognito session from your internet browser
- Open the password reset page
- Enter the e-mail address used during registration and wait for the e-mail with instructions to complete the procedure. Usually the wait is a couple of minutes at the most, but in cases of congestion it may go up a little
- Copy the link included in the email and paste it into the incognito session
- Choose a new password