Imagine my surprise when I opened my email account to find a lovely fresh warning from one of the world’s leading media streaming platforms.
That’s right: It’s time to change your Plex password, because Plex has suffered a data breach specifically affecting your password, email address, and authentication data, which means your account is in danger of being hacked if you don’t act now.
Change your Plex password now before your account is breached
It’s time to make a change
The Plex email that landed in my inbox is titled “Action required: Notice of a potential security incident,” which is completely accurate.
Hackers accessed one of Plex’s databases and made off with “a limited subset of customer data.” The data stolen includes “emails, usernames, and securely hashed passwords,” and the incident, according to Plex, has been contained.
Are you getting a feeling of deja vu? You’re not wrong. Back in August 2022, Plex suffered a major data breach, again necessitating the immediate change of your account password.
In fact, the language used then was very similar to this security incident, with a third party able to “access a limited subset of data that includes emails, usernames, and encrypted passwords.”
See the pattern?
Your Plex password was hashed, but it’s worth changing anyway
I reckon it’s just not worth the risk
It’s not all complete doom and gloom. While Plex has suffered a data breach, your password was hashed. In cryptography, hashing means that your password has been converted to a string value using a one-way cryptographic function.
Hashing allows you to check if two files are the same without knowing what’s actually inside them. If the file you’re given matches the given hash, the content is the same.
But because the hash process is a one-way function, your password isn’t immediately exposed; the hackers just have a long list of hash outputs.
Now, in theory, the hackers who breached Plex could spend hours trying to match hashes for reused passwords, but they’d also need a huge number of breached passwords from other services, time to match them, and the knowledge of what the password was to begin with.
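To make the hashing point concrete, here is an added example (not Plex's code) of salted one-way hashing and of why a password reused from another breach is still worth changing. Plex's actual algorithm is not stated in the email, so PBKDF2-HMAC-SHA256, the iteration count, the account names, and the breach list are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for this example, not Plex's setting


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256 (one-way)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def found_in_breach_list(salt: bytes, digest: bytes, breached: list) -> Optional[str]:
    """Return the already-breached password that matches the stored hash, if any."""
    for candidate in breached:
        if verify_password(candidate, salt, digest):
            return candidate
    return None


# Constructed sample data: two hypothetical accounts and a tiny list of
# passwords assumed to have leaked from other services.
BREACHED_ELSEWHERE = ["123456", "letmein", "sunshine1"]
STORED = {
    "reuser@example.com": hash_password("sunshine1"),
    "unique@example.com": hash_password("Vq7#tall-cedar-42-lamp"),
}


def audit() -> dict:
    """Map each account to whether its hash matches a password breached elsewhere."""
    return {user: found_in_breach_list(salt, digest, BREACHED_ELSEWHERE) is not None
            for user, (salt, digest) in STORED.items()}


if __name__ == "__main__":
    for user, exposed in audit().items():
        print(user, "-> change it now" if exposed else "-> not in the breached list")
```

The stored digest never reveals the password by itself; only the account whose password already circulates from another breach is flagged, which is the case where changing it matters most.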
How to change your Plex password to secure your account
Thankfully, Plex makes it a simple process
Either way, it’s worth changing your Plex password, just to be on the safe side, and Plex agrees. The company’s email includes a section dedicated to changing your password.
- Head to Plex’s Password Reset page and input your Plex email address.
- You’ll receive a specific email from Plex detailing the next steps.
- Plex advises that while you’re there, check the box that says Sign out connected devices after password change. You’ll be signed out on all of your devices, which can feel like a hassle, but it means you’ll be more secure.
While you’re there, you should enable two-factor authentication to add some protection to your account.
- After resetting your password and logging back into your account, head to the Account Settings in the top-right corner.
- Scroll down and find Two-factor authentication, and select Edit > Enable.
- Input your password, then use an authenticator app on your smartphone to scan the QR code.
Once done, you’ll have to use the authenticator app to sign into your account, but it’ll be much more secure for it.
In short, changing your Plex password is the smart move here, and as it only takes a moment to do so, get it done now.