Be careful if you have a Plex account. By exploiting a security breach, hackers gained access to personal data. The streaming platform recommends that all of its users change their password.

Be careful if you have a Plex account. By exploiting a security breach, hackers gained access to personal data. The streaming platform recommends that all of its users change their password.

Plex, the powerful media player and streaming service with some 20 million users worldwide, has sent out a rather disturbing email to its subscribers. The firm indicates that it discovered “suspicious activity” yesterday in one of its databases. As a precaution, it asks its users to verify their account and change their password. As a reminder, Plex is a platform accessible on computer, on mobile – via an application – but also on connected TV, which makes it possible to broadcast various content – ​​video, audio, photo – shared by its members and to watch streaming content for them. subscribers with a paid account, and even live TV streams for free.

Plex: hacked passwords

It turns out that a “person outside the company” was able to infiltrate through a security breach. The hacker was able to access “a limited subset of data” stored there, including user names, emails and especially passwords – Plex however ensured that the passwords were “chopped and secured in accordance with best practices,” and therefore should not be able to be used. In addition, banking information, such as credit card numbers, was stored on another server and therefore was not compromised. The intruder has not been identified, but the firm said that the vulnerability used has since been addressed, and that it took the opportunity to carry out additional examinations in order to “to ensure that the security of all our systems is further strengthened to prevent future incursions”.

As a precaution, all users – especially those with a Plex Pass – are asked to log out of all devices in use and to change their password. It is also strongly recommended to activate double authentication and to use a password generator. Finally, she recalls that the company will never ask for usernames, passwords or a credit card number from a user – the theft of data allowing hackers to then carry out a phishing campaign in order to obtain bank details.