Ddos 
The popular streaming platform Plex was recently the target of a cyberattack that resulted in a database breach. An unidentified hacker managed to extract customer authentication data from one of Plex’s databases. The compromised information included users’ email addresses, usernames, hashed passwords, and other authentication details.
Fortunately, Plex had implemented password hashing—a security measure that stores passwords in encrypted form. While this does not render the data entirely immune, it makes decrypting the stolen passwords a significantly more difficult task for attackers.
In its data breach notification, Plex stated:
“An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords and authentication data. Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party.”
As a precaution, Plex urged all users to reset their passwords. When doing so, users are advised to check the option to “sign out connected devices after password change.” This ensures that all previously logged-in devices will be signed out, requiring reauthentication with the new password.
Standard users can reset their passwords at https://plex.tv/reset, while those using Single Sign-On (SSO) must first reset their password and then visit https://plex.tv/security to manually log out all devices before signing in again with updated credentials.
Plex confirmed that the incident did not affect credit card or payment information, as such data is not stored on its servers. At present, the company has not disclosed further details about the nature of the attack.
Related Posts:
- CVE-2025-34158 (CVSS 10): Plex Media Server Users Warned to Patch Critical Vulnerability Now
- Asustor NAS devices were hit by Deadbolt ransomware
- Urgent Security Alert: CISA Warns of Actively Exploited Apple and Microsoft Vulnerabilities
- CISA Warns of Credential Risks Tied to Oracle Cloud Breach
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
