Plex security breach — change passwords immediately

Plex has announced a security incident in which an unauthorized third party accessed a limited subset of user account data. Plex says some customers had their email addresses, usernames and hashed passwords exposed. Credit card data was not stored on Plex servers and was not compromised.

What Plex says

• Official announcement: Plex support announcement
• Plex confirmed the incident was announced on September 9, 2025.
• Passwords were hashed (scrambled), reducing the chance they were readable, but Plex advises caution.

What you should do now

1. Change your Plex password immediately: Reset password.
2. When resetting, choose the option to sign out connected devices to force reauthentication across sessions.
3. Enable two-factor authentication (2FA) for your account via Plex Security settings.
4. If you use third-party sign-ins (Google, Apple), sign out of all devices from the security page.
5. Use a dedicated password manager and consider an authenticator app for 2FA.

Context

This follows a similar Plex incident in 2022 where emails, usernames and passwords were accessed. While hashed passwords are safer than plaintext, repeated breaches are a reminder to update credentials regularly and use strong security practices.

Have you updated your Plex password? Let us know in the comments.