Leak at Plex
On 9 September 2025, media-streaming software company Plex disclosed that an unauthorized third party had accessed one of its databases, exposing user emails, usernames, securely hashed passwords and authentication data, and forcing an account-wide password reset.
- Victim
- Plex
On 9 September 2025, Plex β the company behind the widely used Plex media-streaming and home-server software β notified users that an unauthorized third party had accessed a limited subset of customer data from one of its databases. The company urged all password-based accounts to reset their credentials immediately.
According to Plex, the intruder reached account records before access was identified and cut off. Plex said it had located and addressed the method used by the attacker, and described the affected data as a limited subset of one database. No payment card information was involved, as Plex does not store card data on the affected systems.
The exposed data categories included:
- Email addresses
- Usernames
- Passwords (described as securely hashed in line with best practices)
- Authentication data
Because Plex did not disclose which hashing algorithm protected the passwords, researchers cautioned that determined attackers could still attempt to crack them. Plex directed users to reset their passwords at plex.tv/reset, to enable the option to sign out connected devices after the change, and strongly encouraged enabling two-factor authentication. The incident was the second breach of similar account data Plex had disclosed, after a comparable 2022 exposure of emails, usernames and hashed passwords.
Sources
- techcrunch.comhttps://techcrunch.com/2025/09/09/plex-urges-users-to-change-passwords-after-data-breach/
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/plex-tells-users-to-reset-passwords-after-new-data-breach/
- theregister.comhttps://www.theregister.com/2025/09/09/plex_breach/
- helpnetsecurity.comhttps://www.helpnetsecurity.com/2025/09/09/plex-tells-users-to-change-passwords-due-to-data-breach-pushes-server-owners-to-upgrade/