Excerpt from BleepingComputer Article, Published on September 8, 2025
Plex is once again in cybersecurity headlines as the popular media streaming service notifies users of a new data breach. According to the recent announcement, Plex detected unauthorized access to one of its databases, compromising customer email addresses, usernames, and hashed passwords. While the company asserts all passwords were securely hashed, Plex recommends immediate password resets to mitigate risk.
Plex emphasized that payment information remains secure, as no financial data is stored on its servers. However, the breach did expose sensitive authentication data, prompting Plex to urge users not just to reset passwords, but also activate additional security measures. All account holders are advised to use the ‘Sign out connected devices’ option upon resetting passwords, ensuring any compromised sessions are completely logged out. Users who access Plex via Single Sign-On (SSO) are similarly advised to log out of all active sessions as an extra layer of safety.
The company has addressed the vulnerability, though it has not shared specific technical details of the attack. Plex is also reminding customers to enable two-factor authentication for added protection and warns against sharing account or payment details via email. This latest incident is unfortunately not the first: a similar breach in August 2022 forced a widespread password reset and sparked concerns over persistent vulnerabilities within Plex’s infrastructure.
The incident highlights the rising risk of password-based attacks. Recent industry reports warn of a surge in environments suffering cracked passwords, with rates nearly doubling year over year. Users should heed security recommendations and remain vigilant for any suspicious account activity.
To delve deeper into this topic, visit the BleepingComputer article.
