Media streaming service Plex has urged its users to update their account passwords after confirming a security breach that exposed customer information from one of its databases.

According to a statement released by the company, the compromised data includes usernames, email addresses, encrypted passwords, and unspecified authentication information. While the passwords were scrambled to make them unreadable, Plex has not confirmed whether the encryption method could be reversed or whether the stolen authentication data could enable unauthorized access.

Customer Guidance

Plex is advising customers to immediately:

• Reset their account passwords through Plex’s official password reset form
• Sign out of all connected devices

Interestingly, the company has not enforced a mandatory password reset, a step that is usually standard practice after a breach, even when encrypted data is involved.

Limited Transparency

So far, Plex has shared few details about the breach. The company stated that it has already addressed the vulnerability exploited by attackers, but it did not disclose specifics regarding the method used, the timeline of the intrusion, or the potential risks to users.

When asked by TechCrunch for further clarification, a Plex spokesperson reiterated the official statement without providing additional answers. Notably, the company also declined to confirm which hashing algorithm was used to encrypt customer passwords — a crucial factor in determining how secure the scrambled data may be.

Scope of the Incident

It remains unclear how many accounts were affected. Plex reports having more than 25 million users worldwide, but it has not revealed whether the breach impacted all or a subset of its user base.

Other unanswered questions include:

• When the breach first occurred
• How long attackers had access
• Whether Plex systems alone were targeted
• If there has been any communication from the threat actors, including ransom demands

Final Thoughts

This incident highlights the growing challenges organizations face in protecting sensitive user information. The lack of transparency around encryption methods, timelines, and scope leaves users uncertain about their level of risk.

For now, Plex customers are strongly encouraged to take proactive steps by resetting their passwords and monitoring their accounts for suspicious activity.

Source: https://techcrunch.com/2025/09/09/plex-urges-users-to-change-passwords-after-data-breach