Plex security incident — reset your password and update your server
Plex has reported that an unauthorized third party accessed a limited subset of customer data, including email addresses, usernames and securely hashed passwords. Plex says payment information was not affected.
What Plex says: Plex confirmed the incident, has addressed the access method and is conducting further security reviews. They’ve recommended affected users reset their passwords and sign out connected devices.
What you should do right now
- Reset your Plex password and, when prompted, choose to sign out of all connected devices.
- Enable Two-Factor Authentication (2FA) for added protection.
- Update your Plex Media Server to the latest version to ensure any server-side fixes are applied.
- Be alert for phishing emails; Plex will not ask you to email your password.
Sources & further reading
- Plex official notice: Important Notice of Security Incident (Plex Forums)
- Bitdefender summary: Bitdefender
- Android Authority coverage: Android Authority
If you need help resetting your account or updating your server, follow the official links above or contact Plex support.