Plex Hacked, Change Your Password Now
If you are using Plex Media Server for your movie and TV library and have ever used the Plex Forums, you will need to change your password this morning. The company announced that its forum servers had been compromised, leaving email addresses, forum messages, and hashed passwords vulnerable.
The company states that this should only apply to users who have used the Plex forums. That being said, it might still be worth resetting your password in case you created a forum account that was merged with your regular Plex account and then forgot about it (like I did). Plex also notes that credit card and payment details are not stored on their servers at all, so financial information needs to be safe.
The company sent out a hack notification email to its users this morning. While Plex claims that the stolen passwords have been hashed and salted and therefore should be secure, it is still recommended that you change your password. If you visit the site while logged in with a vulnerable account, you will be automatically redirected to the Change Password screen, so it shouldn’t be too difficult. You should also receive an email with a link to a page where you can change your password.
Here is the text of an email sent by the company:
Dear Plex User,
Unfortunately, we learned this afternoon that the server hosting our forums and blog has been hacked. We are still investigating, but as far as we know, the attacker only gained access to these parts of our systems. Please be assured that no credit card or other payment information is stored on our servers at all.
If you received this email, then you have a forum account associated with your plex.tv account . The attacker was able to gain access to IP addresses, private messages, email addresses and encrypted forum passwords (from a technical point of view, they are hashed and processed). Despite the steps taken to encrypt passwords, we take your privacy and security very seriously, and as a precaution, we require you to change your password.
Make sure to choose a strong password, never share it, and never reuse passwords for different accounts! Better yet, use a password manager (like 1Password) to manage your unique password for you. Access to your Plex account will be locked until you do so.
Please follow this link to choose a new password.
We apologize for the inconvenience, but your privacy and security are very important to us and we would rather be safe than sorry!
We will post more information on our blog shortly. Thanks for using Plex!
The Plex Team
Plex hasn’t posted more details on the hack on their corporate blog yet, but we’ll update this post when they come out. Update: The company has updated their blog with more information on the hack here .