Not even Have I Been Pwned founder Troy Hunt is safe from having his passwords compromised. If you’re a Plex user, then neither are you.
The streaming service and media place has issued a notice warning users that their login details have been compromised. A third party got into the company’s systems and escaped with a collection of data. Said data included usernames, email addresses, and (hashed) passwords.
Password Com-Plex-ity
Aw crap, I’m pwned in a @plex data breach. Again. I can’t do anything to *not* be in a breach like this (short of not using the service), but a @1Password generated random password and 2FA enabled makes this a mere inconvenience rather than a genuine risk. pic.twitter.com/XetB3IGUh3
— Troy Hunt (@troyhunt) August 24, 2022
If you’re Troy Hunt, then you’ve probably got little to worry about. If you treat your internet security the same way he does, you’re probably also fine. But if you’re a Plex user and also reuse the same email password for every service, it’s time to change your login details.
Read More: Can you still be hacked with 2FA enabled? Here’s what you need to know
Plex pointed out in its note to affected users that credit card info and payment data weren’t accessed. The company also said that all compromised passwords should remain safe. Changing your login info is a preventative measure, in case something was actually accessed. It’s not likely it was, but do you want to take that risk?
There does seem to be an issue with changing Plex passwords, however. The service asks users to also sign out of all devices using old login info. Selecting this option, in some cases, causes the password reset to fail. Not selecting it allows the update to go through.
Plex also asked that users not already using two-factor authentication do so. It’s far easier to retain your online accounts if you have to verify changes on another, completely different device.