Streaming giant Plex is urging its customers to change their passwords after it disclosed a data breach of one of its user databases.
The company said in a post on Monday that it was aware of a security incident involving the theft of Plex customer account information, including user names, email addresses, scrambled passwords, and unspecified authentication data.
Plex said while the passwords were scrambled in a way that made them unreadable to humans, it’s unclear if the passwords can be deciphered or if the stolen authentication data could be used to gain access to customer accounts.
The company said customers should change their passwords by visiting Plex’s password reset form. Plex is also asking users to sign out of connected devices.
While it is common for organizations who experience data breaches of user information — even if that data is scrambled — to force-reset passwords to prevent malicious access to customer accounts, it’s unclear why Plex chose not to take this approach.
Plex has said little else about the breach, though it did say that the company “addressed the method that this third party used to gain access to the system.” Plex did not specify more details, or what the risks to its customers may be.
The company did not say how many customers are affected. Plex has around 25 million users across the world, according to its website. It’s also not known when the breach happened or how long the hackers had access, when Plex discovered the breach, or if the incident is limited to Plex’s own systems.
Plex has not yet described the nature of the cyberattack, or if the company has received any communication from the hackers, such as if a ransom demand has been made.
When reached by email, Plex spokesperson Jessica Finn did not provide answers to TechCrunch by press time.
Do you know more about the Plex data breach? Were you notified about the breach? Securely contact this reporter via encrypted message at zackwhittaker.1337 on Signal.
