If you make use of the popular personal media server Plex on your Xbox, PlayStation, smart TV, or just about any other device, you’re going to want to update your password.
Last night Plex sent out emails notifying many of its customers that a serious security breach may have resulted in account information getting into the wrong hands. Plex stated that “all account passwords that could have been accessed were hashed and secured in accordance with best practices.” Which, while comforting, still should be followed by you adhering to best practices, which means signing out of all current instances and changing your passwords.
Kotaku has reached out to Plex for comment.
Plex specifically noted that “suspicious activity on one of [the company’s] databases” may have given a third party access to “emails, usernames, and encrypted passwords.” As The Verge notes, personal account information such as the contents of media libraries is likely safe. Plex claims that it’s “addressed the method that this third party employed to gain access to the system” and that it’s reviewing the security of all of its systems moving forward to prevent future incidents.
If you’re already a Plex user, then hopefully you’ve received said email and already changed your password by the time you’re reading this, allowing you to resume enjoying your very awesome and very legal library of media worry-free. While Plex servers typically run on PCs, Plex client apps are available on the Xbox and PlayStation store, as well as a litany of smart devices, which makes it a very convenient way to stream your media to any device, from almost anywhere.
It may be the case that some users haven’t received this super-important email. I would be one of those. Trips across Reddit reveal that some others may be in the dark as well, so if you have friends who enjoy Plex, politely nudge them to do the smart thing and get those passwords changed.
Also, as The Verge suggests in their reporting on the incident, we shall echo that you definitely ought to use a password manager if you aren’t already doing so and, I know it’s a pain, but two-factor authentication can go a long way toward preventing worst-case scenarios after scares like this.