The Plex streaming-video platform is requiring its 25 million-plus users to reset their account passwords after the Los Gatos, California, firm discovered a data breach.
“Yesterday, we discovered suspicious activity on one of our databases,” according to an email sent to one user. “We immediately began an investigation, and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames and encrypted passwords.”
The message sent early Wednesday morning adds that “all account passwords that could have been accessed were hashed and secured in accordance with best practices,” and it says Plex has “already addressed the method that this third-party employed to gain access to the system.”
Plex’s password-reset instructions suggest checking an option to sign out of all connected devices on an account after the password reset, but some users on Twitter and in a thread on Plex’s support forum have reported that following that advice yielded a server error.
Other customers have said they have been unable to complete setting up two-factor authentication, another recommendation in the email. Plex’s site had capacity issues early Wednesday, with its site-status page reporting it unreachable for a spell.
A PR rep for Plex, Molly Mulloy, confirmed in an email that the majority of Plex accounts were affected by the attack and said the company would update its help guidance if necessary.
“We have identified and addressed how the security breach occurred to ensure that the security of all of our systems is further hardened to prevent future incursions,” the statement she sent read. “Member security and privacy is our utmost priority, and we sincerely apologize for any inconvenience this situation may have caused.”
Plex, launched in 2008 as a port of the Xbox Media Center app, now maintains a variety of client and server apps that aim to provide a single dashboard for streaming services and local media files. In 2021, it raised $50 million from Intercap, an existing investor, with plans to spend $15 million of that to develop its service and use the rest on share and options repurchases from shareholders and employees.
At the StreamTV Show in June, Plex chief product officer Scott Olechowski said attention to user experience had to be its priority in a market that he did not expect to consolidate.
“I think we’re in a world where there’s going to be a lot of really exciting competition across the board,” he said, according to a FierceVideo recap of his appearance on a panel at that Denver event. “We have to deliver the experiences the user wants, because ultimately that’s all that matters.”