Plex hack: Video streaming service urges people to take action after major data breach

Video streaming tool Plex has urged its users to change their password after a major data breach.

The hack allowed usernames, email addresses and encrypted passwords to be stolen from its servers, Plex said. While it believes the “impact” from the incident is “limited”, it urged users to change their passwords as soon as possible.

Plex works something like a streaming service that users host themselves. It allows users to upload their films, TV shows, music and photo libraries, and then have them available on other devices such as streaming sticks and their mobiles.

Users of that service were emailed today warning them that the company had found suspicious activity on a server. After an investigation, it found that someone had been able to get into a subset of data that included personal information.

Plex did not indicate that any data other than those emails, usernames and passwords had been stolen. It said that payment information was safe, and did not mentioned other data such as people’s libraries themselves, which may include sensitive or personal pictures, for example.

But it nonetheless said that users will be required to reset their passwords. It urged people to also force a sign out on all other connected devices so that they can be logged in.

It acknowledged that the step is work for users and said that it was only being taken out of an “abundance of caution”. “This is a headache, but we recommend doing so for increased security,” it said in the email.

Some users found they were unable to actually change those passwords, with the site showing an “internal server error” when they attempted to select a new one. That appeared to be a problem with the vast number of users attempting to log in at the same time to change those passwords.