As the company announced in an email to its users on August 24, 2022, unknown people probably had access to access data and customer information.

Email from Plex: Dear Plex users, we would like to inform you that there was an incident yesterday that affected your Plex account information. While we believe the actual impact of this incident is limited, we want to make sure you have the right information and tools to keep your account safe.
Email from Plex: Dear Plex users, we would like to inform you that there was an incident yesterday that affected your Plex account information. While we believe the actual impact of this incident is limited, we want to make sure you have the right information and tools to keep your account safe.

Users should reset passwords immediately

Unknown people had access to user names, email addresses and encrypted passwords, but not credit card or other payment details. Plex still asks its users to set a new password the next time they log in . To be on the safe side, you should also check the box to disconnect all currently logged in devices. Specifically, the email states: “This will additionally log out all of your devices (including any Plex Media Servers you own) and require you to log back in with your new password. This is tedious, but we recommend it for greater security.”

Attack route already closed

Plex has already closed the attack route and is currently examining further protective measures. If you need help resetting your password, Plex recommends taking a look at this Plex support entry . In addition, Plex users are also asked to activate two-factor authentication to protect their account. How this works is explained in this support article . This doesn't help against break-ins and data theft, but it does make access more difficult for attackers. Two-step authentication (also called two-step verification or two-factor authentication) is an additional security measure to protect a user account and should generally always be set up. We have described how this works HERE .

Plex users should be careful with emails in the future, as attackers could use the captured email addresses for phishing . Additionally, Plex mentions that Plex will never ask you for a password or credit card number via email.

Sign up for the Mimikama newsletter

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )