Popular digital media player and streaming service Plex today sent out an email to all their users advising them to change their passwords as soon as possible after suspicious activity was discovered on one of its databases.
“Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords.” Plex stopped short of confirming if any personal information or private media libraries were compromised, but assured users that “all account passwords that could have been accessed were hashed and secured in accordance with best practices.”
The Plex website and service has been overloaded since the breach notification went out, so changing your password might take some time to complete, but it is imperative that it is done immediately to avoid any abuse of your account and personal content.
While the cause of the breach has already been identified, and immediate action taken to rectify the security flaw, it is very likely that your credentials might have already been leaked. Aside from changing your password, Plex also recommends enabling 2 factor authentication (2FA) on your account to ensure that your credentials are not abused in any way.
While we are never too far away from the next security incident that leads to a data breach, there are many ways to minimize collateral damage from it. Whenever possible, use a password manager and never reuse the same password on multiple services. Setting up a 2FA device authentication also provides you with another layer of protection in the event your password is compromised.