Plex Urges Users to Reset Passwords After Security Incident

by ddos · September 11, 2025

Plex has notified its users of a security incident that affected a portion of customer data. The company maintains that the issue was swiftly contained, yet strongly advises all users to reset their passwords.

According to Plex, unauthorized access was obtained to a limited dataset within one of its databases. The compromised information included email addresses, usernames, encrypted passwords, and authentication details.

The company emphasized that all passwords were stored as hashes in accordance with modern standards, making direct recovery impossible. Nonetheless, as a precautionary measure, users are urged to update their accounts.

Plex also stressed that no payment card information is stored on its servers, ensuring that financial details were not exposed.

The company confirmed that the vulnerability exploited by the attackers has been remediated and that further audits are underway to strengthen defenses.

Users signing in with a password are directed to complete the reset process at plex.tv/reset. It is also recommended to log out of all connected devices to prevent potential unauthorized access.

Those relying on single sign-on (SSO) services are advised to terminate all active sessions via plex.tv/security.

Additionally, Plex encourages enabling two-factor authentication to reduce the risk of future attacks.

The company underscored that its staff will never request passwords or payment information via email and warned users to remain vigilant against phishing attempts.

For those experiencing issues after resetting their passwords, Plex has published guidance—for instance, instructions on re-linking Plex Media Server on Windows, Linux, QNAP, or Synology systems.

In closing, Plex apologized for the inconvenience and pledged to accelerate efforts to prevent such incidents in the future.