Plex Suffers Security Incident Exposing User Data and Urging Password Resets (nerds.xyz)
- Reference: 0179093646
- News link: https://yro.slashdot.org/story/25/09/08/229201/plex-suffers-security-incident-exposing-user-data-and-urging-password-resets
- Source link: https://nerds.xyz/2025/09/plex-suffers-security-incident-exposing-user-data-and-urging-password-resets/
> Plex has alerted its customers about a security incident that [2]may have affected user accounts. In an email sent to subscribers, the popular media server company confirmed that an unauthorized third party gained access to one of its databases. The breach exposed emails, usernames, and hashed passwords. Plex emphasized that passwords were encrypted following best practices, so attackers cannot simply read them. The company also reassured users that no credit card data was compromised, since Plex does not store that information on its servers. Still, out of caution, it is requiring all account holders to reset their credentials.
>
> Users are being directed to reset their passwords at [3]plex.tv/reset. During the process, Plex recommends enabling the option to sign out all connected devices. This measure logs out every device associated with the account, including Plex Media Servers, forcing a fresh login with the updated password. The company says it has already fixed the method used by the intruder to gain entry and is conducting additional security reviews. Plex is also urging subscribers to enable two-factor authentication if they have not already done so.
[1] https://slashdot.org/~BrianFagioli
[2] https://nerds.xyz/2025/09/plex-suffers-security-incident-exposing-user-data-and-urging-password-resets/
[3] https://plex.tv/reset
Again?? 2015 all over again... (Score:3)
Plex was hacked in 2015 too. 10 years isn't too bad a run between security breaches?
[1]https://www.twingate.com/blog/... [twingate.com]
[1] https://www.twingate.com/blog/tips/plex-data-breach
Grading on a slippery slope (Score:2)
That's a terrible thing to say.
No, really.
First, a breach of your email address is normally going to be far less damaging than, say, medical records showing failure to comply with Texan birthing-vessel policy. You really want to look at the magnitude of the breach before comparing.
Second, no, if you're soliciting PII from people, you have a duty to protect it. "Only" failing once in a while is not acceptable.
Third, soliciting PII from users of home theater software serves no functional purpose. Deman
Re: (Score:2)
"In August 2022, a Plex data breach exposed users' emails, usernames, and encrypted passwords after a cybercriminal gained access to a database. Plex responded by requiring all users to reset their passwords and assured that no payment or credit card data was compromised."
And you can't log in! (Score:2)
Clicked to update my password - now the Plex site login won't work at all. I don't mean it won't take the new PW. I mean you can't get the login page.
Not surprised, really. So freaking many bugs in Plex that never get fixed I've questioned their code quality for a while now.
Bye bye Plex (Score:2)
I stopped using it when they decided they would charge for letting you stream your material outside your network. Moved to Jellyfin, which does what I need and want, and the move was easier than I thought it would be.
Re: (Score:1)
Not using Plex is the gift that keeps on giving. Why so many people went for it when there were better open-source alternatives available, I'll never know.
Re: (Score:3)
> Why so many people went for it when there were better open-source alternatives available...
I like how you phrase this like Jellyfin has been around as long as Plex, and is as mature in its development. For many people, Jellyfin wasn't really "there" until version 10.9 -- and that was less than two years ago. Many people had Plex servers up and long established before then, and see no reason to change after investing lots of time in their existing setup. The main complaints driving people to Jellyfin now are:
1) The addition of advertising-supported streaming content.
2) The recent push to make the
Re: (Score:2)
Many credit card companies offer 'virtual' card numbers that link to your account but are basically temporary card numbers.
Re: (Score:2)
We use Privacy, one card per vendor that is locked to them on first use plus flexible spend limits and quick pausing/closing of cards.