Plex hack: Video streaming service urges people to take action after major data breach

Most data should be safe – but users should change passwords as soon as possible to be sure, company says

Andrew Griffin
Wednesday 24 August 2022 08:47 EDT
Comments
(AFP via Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Video streaming tool Plex has urged its users to change their password after a major data breach.

The hack allowed usernames, email addresses and encrypted passwords to be stolen from its servers, Plex said. While it believes the “impact” from the incident is “limited”, it urged users to change their passwords as soon as possible.

Plex works something like a streaming service that users host themselves. It allows users to upload their films, TV shows, music and photo libraries, and then have them available on other devices such as streaming sticks and their mobiles.

Users of that service were emailed today warning them that the company had found suspicious activity on a server. After an investigation, it found that someone had been able to get into a subset of data that included personal information.

Plex did not indicate that any data other than those emails, usernames and passwords had been stolen. It said that payment information was safe, and did not mentioned other data such as people’s libraries themselves, which may include sensitive or personal pictures, for example.

But it nonetheless said that users will be required to reset their passwords. It urged people to also force a sign out on all other connected devices so that they can be logged in.

It acknowledged that the step is work for users and said that it was only being taken out of an “abundance of caution”. “This is a headache, but we recommend doing so for increased security,” it said in the email.

Some users found they were unable to actually change those passwords, with the site showing an “internal server error” when they attempted to select a new one. That appeared to be a problem with the vast number of users attempting to log in at the same time to change those passwords.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in