Plex issues warning to all users: Reset your password NOW as it confirms security breach

To reset your password, follow these steps:

1. Visit plex.tv/reset to change your password
2. Tick the box labelled "Sign out connected devices after password change" to log out all your devices, including any Plex Media Server you own
3. Change your password
4. Sign in to your devices with the new password

If you sign in using Google or Apple, go to plex.tv/security and select "Sign out of all devices" instead. You'll need to re-authenticate on all your devices afterwards, too.

This isn't the first time users have been urged to reset their Plex password. The platform experienced an almost identical security incident in August 2022, when hackers accessed the same type of user information - emails, usernames and encrypted passwords.

The similarity between these breaches has raised concerns about whether Plex is being repeatedly targeted or if there are deeper security issues. Users on forums have expressed frustration about having to reclaim their media servers and re-authenticate devices like Roku players after password resets.

The company says it's conducting comprehensive security reviews to prevent future incidents. However, the pattern of repeated breaches suggests ongoing vulnerabilities that hackers continue to exploit.

Experts recommend taking additional precautions

Darren Guccione, CEO and Co-Founder of Keeper Security, said: "This incident is a timely reminder of the continued importance of enacting strong password hygiene practices. Even with a hashed format, weak or reused credentials are still vulnerable to exploitation via automated tools and credential-stuffing attacks.

"Whether or not an individual is affected by a breach, it’s always advisable to regularly reset passwords. Avoid names, dates and dictionary words. Passwords should be long - a minimum of 16 characters is recommended - and completely randomised, ideally generated and stored using a password manager. And never reuse passwords. If one account is breached, reusing credentials elsewhere puts your entire digital identity at risk."

Plex also strongly recommends enabling two-factor authentication for extra protection. The company warns that they'll never ask for passwords or payment details via email - any such requests are phishing attempts you should ignore.

This adds an extra layer of security to your account by requiring more than just your password to log in. After you enter your password, you’ll also need to provide a second verification code, usually generated by an authenticator app (like Google Authenticator, Authy, or 1Password) or sent via text message.

Karolis Arbaciauskas, head of product at NordPass said, “For those using [single-sign on] (SSO) to log in, it would be best to log out of all active sessions. That can be done here, by clicking the button ‘Sign out of all devices.’ For step-by-step instructions on how to reset your password, visit this link.

“Remember to also inform your family and friends about this change. After a password reset, users will need to log in again on all their devices using the new credentials. A password manager can be helpful for securely generating and sharing these new credentials."

LATEST DEVELOPMENTS

• Microsoft is pulling the plug on one of its Outlook email apps
• BBC is building new Roku rival with 'radically simple' design
• Best VPN deals
• New WhatsApp feature will REWRITE your text messages

If you're not familiar with Plex, it's a media server and streaming platform, founded in 2009 and based in Los Gatos, California. It lets you organise, stream, and access your personal collection of movies, TV shows, music, and photos across devices. In addition to personal media, Plex also offers free, ad-supported movies, TV, live TV, and podcasts, making it a one-stop hub for both personal and online entertainment.