Monorepo

Plex Warns Users to Reset Passwords After Security Breach

Plex Warns Users to Reset Passwords After Security Breach
source: gettyimages
September 12, 2025

Streaming platform Plex is advising some of its users to change their passwords following a recent security incident. The popular media server service, often used solely for legitimate content, sent out an email to affected customers, reports The Register, indicating that email addresses, usernames, and securely-hashed passwords may have been compromised.

> "Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party," the email stated.

Plex emphasized that, despite the breach, no credit card data stored on their servers was affected, reassuring users:

> "Rest assured that we do not store credit card data on our servers, so this information was not compromised in this incident."

This notification echoes past incidents; Plex previously suffered breaches in 2022 and 2015 involving the theft of hashed passwords. In the 2015 breach, over 327,000 accounts were exposed, with weak salted hashes making passwords easier to crack—an issue that was a concern for security experts.

While detailed information about the latest breach, such as the total number of affected accounts, remains unavailable, Plex noted that the same types of data—emails, usernames, and hashed passwords—were targeted, similar to previous incidents. The company believes the impact is "limited" and claims to have addressed the vulnerabilities exploited by attackers.

The company’s statement included plans to boost security measures:

> "We're undergoing additional reviews to ensure that the security of all of our systems is further hardened to prevent future attacks."

In response to the breach, Plex users were prompted to reset their passwords and activate account settings that log them out of all connected devices when changes are made.

The company reaffirmed its position on security:

> "We remind you that no one at Plex will ever reach out to you over email to ask for a password or credit card number for payments."

Furthermore, Plex recommends enabling two-factor authentication for enhanced security and apologized for any inconvenience caused. They emphasized their commitment to quickly detecting and preventing such incidents.

Customer reports and social media posts suggest that not all users received the email alert, indicating the breach may be limited to a subset of users. Plex has yet to clarify why only some customers were contacted, and efforts to obtain further details from the company remain unanswered at this time.

Related links

By submitting, I confirm I have the right to share this link and I agree to link back to this article from the submitted page. Duplicate URLs are rejected. Up to 5 links per page.

GraphQL · 153 ms 
query Q($id: Int!, $domain: Int!, $srcId: Int!, $hasSrc: Boolean!, $hasSelf: Boolean!) {
  self: qa_ai(where: {id: {_eq: $id}}, limit: 1) @include(if: $hasSelf) { id title text date }
  linksarticle: qa_ai(where: {domain: {_eq: $domain}, id: {_neq: $id}}, order_by: {id: desc}, limit: 8) { id title }
  linksbottom: qa_ai(where: {domain: {_neq: $domain}, id: {_lt: $id}}, order_by: {id: desc}, limit: 3) { id title domain }
  source: qa_ai(where: {id: {_eq: $srcId}}, limit: 1) @include(if: $hasSrc) { id title }
}
{
  "id": 6643352,
  "domain": 7,
  "srcId": 0,
  "hasSrc": false,
  "hasSelf": true
}