Plex reports data leak - password change recommended

Martin Jud Translation: machine translated 9.9.2025

Following a security incident, Plex is calling on all users to update their access data.

The media server supplier Plex has made a security incident public. An unauthorised third party was able to gain access to an undisclosed amount of user data. According to Plex, email addresses, usernames, hashed passwords and authentication data were affected.

Hashed in this context means that the passwords were not stored in plain text, but are encrypted using a technical method so that they cannot be easily recalculated or read out. Credit card information is not affected as, according to Plex, this is not stored as a matter of principle.

Plex is currently investigating the exact cause of the incident. Upon discovery, access was immediately prevented, the affected systems were updated and additional security measures were implemented. According to consistent reports, users directly affected have also been informed by email.

As a private pension provision, Plex is asking all users to change their password immediately - regardless of whether they are directly affected. When resetting, the option to log off all connected devices should be activated. Plex provides guidance on changing passwords on its support page. Anyone who logs in via single sign-on - i.e. via a centralised account such as Google or Apple, which is also used for other services - should end all active sessions via the service's security page. Plex also recommends activating two-factor authentication.

