Plex, the popular platform for streaming video and music content to computers and smart TVs, reports a hack into its services that apparently exposed usernames, email addresses and passwords of some users. The passwords have been stored encrypted, so hackers will still need work to decipher them, but to be safe, Plex recommends that all users of the service reset the password immediately.
According to Plex, there is no indication that the hackers were able to gain access to users’ media stores, which may also include private photos and videos. Also, information about payment methods, such as credit card numbers, are not stored on the company’s servers at all, so these were probably not exposed as part of the hack. The vulnerability that allowed hackers access to the system has already been fixed, and over the next few weeks Plex will continue to investigate the case to make sure there are no additional vulnerabilities.
The password reset is done through the account settings screen on the Plex website, which provides detailed instructions for the process. It is also recommended to activate the two-step verification option, which is able to protect the account almost completely even if the user’s password is exposed in any way. Plex offers this extra layer of protection for free to all its users.
It should be noted that despite the recommendation, Plex does not intend to intentionally reset all passwords, as has been done by other companies in similar cases. Users who choose for any reason to ignore the message can simply continue to use the platform services as usual, although they will of course assume a certain risk.