Streaming media platform Plex on Wednesday said that a subset of its data had been accessed by a third-party intruder and warned its users to changed their passwords.
In an email sent to its users, Plex said, ‘Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords.’
It further said that even though ‘all account passwords that could have been accessed were hashed and secured in accordance with best practices’, it required all Plex users to change their passwords ‘out of an abundance of caution’.
The company assured users that credit card and other payment data was not stored on their servers so it was safe during the incident.
When asked about the number of users affected by the breach, a spokesperson from Plex did not give an exact number, but said that that the majority of the accounts were affected.
Plex said in the email sent to customers that they had already investigated the compromise and found out the method that was used by the hackers to obtain access to their systems, and that it was working hard to harden its security to prevent future intrusions.
The incident is a reminder to use 2-factor authentication for all your accounts where possible.