Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
67,547
37,898


Popular media platform Plex has asked users to change their passwords "out of an abundance of caution" after it found a third-party had gained access to one of its internal systems.

plex.jpg

In a message to all users, Plex said that after discovering "suspicious activity" on one of its databases on Tuesday, the company ascertained that a hacker had been able to access "a limited subset of data" including emails, usernames, and passwords. From the email:
Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex account to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable to this incident.
Plex is asking users to tick the checkbox "Sign out connected devices after password change," when resetting their account password. This will sign out all devices, including Plex Media Servers, and require users to sign back in with their new password. Plex also recommends enabling two-factor authentication on their Plex account if they haven't already.


Plex says it has already addressed the method that the hacker used to gain access to the database, and it is conducting additional reviews to ensure the security of its systems and prevent a similar incident occurring.

Article Link: Plex Asks Users to Reset Passwords Following Data Breach
 
I have already received two spam texts about needing to reset ApplePay this morning right after this theft so be vigilant and report them as they pop up. Having stolen email address and phone numbers from what is effectively a tech website, the scams will be tech focussed for a while in the hope of getting lucky.
 
  • Like
Reactions: adrianlondon
Likewise. Don't know if they're just getting slammed by people trying to reset their passwords or if there's another issue at play.
They are getting slammed by people trying to reset their passwords and than log back in again.

I managed to reset mine first thing this morning (I am in Germany, so CET) but I suspect as more users in Europe - and the US - get these emails, that the response time will get slower (if the sites load at all).

They also had some issues with the pw-reset link generating a message „The Token is Invalid. Please request a new one“, but if you actually did the pw change, the site accepted it (which is what happened with mine, and I was then able to log in with the new credentials).

Also, if you have not already done so, please enable 2FA. It really is worth it for the added security.
 
Their mail server is on the spamcop block list now, so many people will have their reset emails blocked even if they were sent. Maybe a strategy by the people responsible for the attack?
 
  • Like
Reactions: Fred Zed
One must assume these days that any information provided or collected will be breached. The only “defense” is to stop providing so much info where possible and, though so unlikely it will never happen, businesses not collecting as much as possible.
 
  • Like
Reactions: mhnd
Their mail server is on the spamcop block list now, so many people will have their reset emails blocked even if they were sent. Maybe a strategy by the people responsible for the attack?
I think it is due to carelessness in their email and DNS setup. However, if a domain suddenly starts spewing large amounts of email, my suspicion is these blacklists see an anomaly and block it.

I was able to load Plex's website a few minutes ago, so hopefully the outage is over.
 
Last edited:
  • Like
Reactions: gank41
I received the warning email (in my Junk folder), and followed their instructions for a Request a Password Reset, but after 20 minutes I still haven't received an email to reset it (not in my junk folder either). Maybe Wackster is correct and they're on the Spamcop list now so we may not be able to get a reset email now.
 
I received the warning email (in my Junk folder), and followed their instructions for a Request a Password Reset, but after 20 minutes I still haven't received an email to reset it (not in my junk folder either). Maybe Wackster is correct and they're on the Spamcop list now so we may not be able to get reset email now.
If you are able to login, and you may not be able to now that you clicked that link, you can reset your password and enable MFA on your profile page.
 
  • Like
Reactions: jayling7
Yup. They emailed me a reset link and the page won’t load.
As mentioned, if you have the server open, open Plex and change your password. Set a PIN and 2FA,..make sure to check the box for logging out of all existing connections. Once done, you're all good.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.