Plex Data Breach - Reset Your Passwords
Posted by: Jon Ben-Mayor on 08/24/2022 08:07 PM
[
Comments
]
We were informed by a family friend that they received a lengthy email from Plex requesting that they change their passwords for any Plex accounts they have. Being suspicious, they gave us a call to verify.
We took a gander at the Plex site, and there is no mention of the breach yet, but many other sites have picked up on the story, so we wanted to ensure that our users were aware of the situation.
The email confirms that a data breach occurred via a third-party that gained access to their system. The method used has been addressed. Plex states "that while the account passwords were secured in accordance with best practices, we're requiring all Plex users to reset their passwords."
Below is a section of the email sent by Plex:
Long story short, we kindly request that you reset your Plex account password immediately. When doing so, there's a checkbox to "Sign out connected devices after a password change." This will additionally sign out of all your devices (including any Plex Media Server you own) and require you to sign back in with your new password. This is a headache, but we recommend doing so for increased security. We have created a support article with step-by-step instructions on how to reset your password. It can be found by going to the support section of their site under articles and searching "account requires password reset."
We'd also like to remind you that no one at Plex will ever reach out to you to ask for a password or credit card number over email. For further account protection, we also recommend enabling two-factor authentication "two-factor-authentication" (same procedure as password reset) on your Plex account if you haven't already done so.
Another thing to remember, a breach can spawn all sorts of phishing, etc., campaigns masquerading as Plex - never follow links provided in emails; always go to the site directly. Plex also reminds users that "no one at Plex will ever reach out to you to ask for a password or credit card number over email. For further account protection, we also recommend enabling two-factor authentication."
If you do not already use a password manager, this is a perfect example of why you should consider grabbing one. Check out this updated for 2022 article that Tim wrote about the 6 Best Password Managers for 2022
We took a gander at the Plex site, and there is no mention of the breach yet, but many other sites have picked up on the story, so we wanted to ensure that our users were aware of the situation.The email confirms that a data breach occurred via a third-party that gained access to their system. The method used has been addressed. Plex states "that while the account passwords were secured in accordance with best practices, we're requiring all Plex users to reset their passwords."
Below is a section of the email sent by Plex:
Long story short, we kindly request that you reset your Plex account password immediately. When doing so, there's a checkbox to "Sign out connected devices after a password change." This will additionally sign out of all your devices (including any Plex Media Server you own) and require you to sign back in with your new password. This is a headache, but we recommend doing so for increased security. We have created a support article with step-by-step instructions on how to reset your password. It can be found by going to the support section of their site under articles and searching "account requires password reset."
We'd also like to remind you that no one at Plex will ever reach out to you to ask for a password or credit card number over email. For further account protection, we also recommend enabling two-factor authentication "two-factor-authentication" (same procedure as password reset) on your Plex account if you haven't already done so.
Another thing to remember, a breach can spawn all sorts of phishing, etc., campaigns masquerading as Plex - never follow links provided in emails; always go to the site directly. Plex also reminds users that "no one at Plex will ever reach out to you to ask for a password or credit card number over email. For further account protection, we also recommend enabling two-factor authentication."
If you do not already use a password manager, this is a perfect example of why you should consider grabbing one. Check out this updated for 2022 article that Tim wrote about the 6 Best Password Managers for 2022
Comments
