Plex has issued an email this morning urging users to reset their passwords.
Plex is an American streaming media service and a client–server media player platform, made by Plex, Inc. The Plex Media Server organizes video, audio, and photos from a user’s collections and from online services, and streams it to the players.
In their email they state:
“We want you to be aware of an incident involving your Plex account information yesterday. While we believe the actual impact of this incident is limited, we want to ensure you have the right information and tools to keep your account secure.
What happened:
Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident.”
This is another incident that should highlight that the use of a single password across multiple services is a bad thing. If and when hackers crack the passwords stolen from one website, they can go on to try that password on other more impacting service such as your bank, Amazon, Paypal.
My advice would be use a password management services such as Bitwarden or 1Password. These services can generate and store multiple password for all your accounts, Services, and Websites.
