Plex says change your password after breach

Streaming platform Plex has millions of customers who are looking for alternatives due to the rapid increase in prices and advertising on conventional streaming media services. And, unfortunately, many of them are in for a nasty shock when they check their email. After a data breach, Plex is recommending that you change your password post haste.

“Action required: Notice of a potential security incident,” reads the subject line of the message that hit my personal inbox last night. According to Plex, “An unauthorized third party accessed a limited subset of customer data from one of our databases.” Email addresses, usernames, and “securely hashed passwords” are among the data lost, though Plex says the incident was “quickly contained.”

Plex isn’t saying a whole lot about what happened, and didn’t say any more about it when PCWorld sister site TechCrunch asked directly. Hashed passwords are generally safe if leaked to regular users, but can be decrypted with enough time and processing power. If you’re diligent about using a separate password for each service (easily handled by a password manager), then you’re probably safe.

But you should still create a new Plex password, which you can do here. If you haven’t been diligent about password habits, now is a great time to start.