Archive for Plex

Plex Warns Users To Reset Their Passwords ASAP

Posted in Commentary on September 10, 2025 by itnerd

I posted a guest post yesterday that media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases. Related to this, Martin Jartelius, CTO at Outpost24, provided the following comment:

“In situations like this, the safest approach is to automatically invalidate all user passwords and force a reset. While this prioritizes security and privacy over usability and business convenience, it’s often the best way to minimize risk.

The biggest concern is for people who reuse the same password across multiple sites. Even if Plex passwords were securely hashed, weak or reused credentials may eventually be cracked and then exploited in password spraying attacks elsewhere. Users should not only reset their Plex password but also change it anywhere else it may have been used.”

Consider this a today problem. If you have a Plex account, you should take measures to protect yourself now.

Plex Users Urged To Update Media Server After Security Flaw Exposed By White Hat Hacker

Posted in Commentary on August 15, 2025 by itnerd

If you run Plex Media Server, you should update all the things as per this warning from Plex themselves:

We recently received a report via our bug bounty program that there was a potential security issue affecting PMS versions 1.41.7.x to 1.42.0.x. Thanks to that user, we were able to address the issue and continue to improve our security and defenses.

We strongly recommend that everyone have their PMS updated to the most recent version as soon as possible, if you have not already done so.

The new version, 1.42.1, is now available to update through the PMS management page or you can download it here: https://www.plex.tv/media-server-downloads/

Plex hasn’t shared any details regarding the vulnerability. But it’s a safe bet that threat actors are reverse engineering what has been patched in order to pwn anyone who hasn’t updated.

Kudos to the white hat hacker, which is another way of saying that he or she is a hacker that is on the light side of the force, for bringing this to the attention of Plex instead of going over to the dark side.
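For anyone running more than one server, the version range in the Plex notice can be turned into a quick inventory check. The following is an added example, not code from Plex or from this post; the version-string shape, the status labels and the sample inventory are assumptions made for illustration.

```python
import re

# Range as stated in the Plex notice quoted in this post:
# 1.41.7.x to 1.42.0.x affected, 1.42.1 is the fixed release.
FIRST_AFFECTED = (1, 41, 7)
FIXED = (1, 42, 1)

# Assumed string shape: major.minor.patch[.build][-commit]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.\d+)?(?:-[0-9A-Za-z]+)?$")


def parse_pms_version(text):
    """Return (major, minor, patch) as ints, or raise ValueError."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised PMS version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Classify one version string against the range in the notice."""
    try:
        version = parse_pms_version(text)
    except ValueError:
        return "unparseable"        # fail closed: needs a manual look
    if version >= FIXED:
        return "patched"
    if version >= FIRST_AFFECTED:
        return "affected"
    return "older-than-range"       # not named in the notice, still outdated


def triage(inventory):
    """Map each status to a sorted list of hosts from {host: version}."""
    report = {}
    for host, version_text in inventory.items():
        report.setdefault(classify(version_text), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed inventory; hostnames, build numbers and commit suffixes are made up.
SAMPLE_INVENTORY = {
    "media-01": "1.42.0.9975-6b1e2d3f4",
    "media-02": "1.41.10.9800-aaaa1111b",   # 10 > 7 numerically, so in range
    "media-03": "1.42.1.10060-4e8b05daf",
    "media-04": "1.41.6.9685-d301f511a",
    "media-05": "unknown",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Versions are compared as integer tuples rather than strings, so a patch level of 10 sorts after 7, and anything that cannot be parsed is reported separately instead of being treated as safe.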

Plex Has Been Pwned…. Users Asked To Change Their Passwords

Posted in Commentary on August 24, 2022 by itnerd

In case you’re not familiar with Plex, this is a service that lets users stream video from their computer to any other device, effectively creating their own personal streaming service in the process. Well, this service has been pwned and a “limited subset” of user data has been pulled from its servers, according to an email that the company sent out to users. Troy Hunt, creator of haveibeenpwned.com, was apparently affected by this and posted the email that Plex sent out:

But the company is still telling users to change their passwords. Instructions on how to do that can be found here. And the company says that the cause of the breach has been discovered:

We’ve already addressed the method that this third-party employed to gain access to the system, and we’re doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions.

Still, that may be cold comfort if you’re affected by this.