Streaming giant Plex is urging its customers to change their passwords after it disclosed a data breach of one of its user databases. The company stated on Monday that it was aware of a security incident involving the theft of Plex customer account information. This information includes user names, email addresses, scrambled passwords, and unspecified authentication data.
Plex noted that while the passwords were scrambled in a way that made them unreadable to humans, it is unclear if the passwords can be deciphered or if the stolen authentication data could be used to gain access to customer accounts. The company said customers should change their passwords by visiting the Plex password reset form. Plex is also asking users to sign out of all connected devices.
While it is common for organizations that experience data breaches to force a password reset, even with scrambled data, it is unclear why Plex chose not to take this approach. Plex has said little else about the breach, though it did state that the company addressed the method that the third party used to gain access to the system. Plex did not provide more specific details or clarify what the risks to its customers may be.
The company did not say how many customers are affected. Plex has around 25 million users across the world according to its website. It is also not known when the breach happened, how long the hackers had access, when Plex discovered the breach, or if the incident is limited to Plex’s own systems.
Plex has not yet described the nature of the cyberattack or if the company has received any communication from the hackers, such as a ransom demand. When reached by email, a Plex spokesperson did not provide answers by press time.