FlyerTalk Forums


StuckInYYZ Sep 10, 2025 5:59 am

Plex Data Breach Notification
 
While I don't use them personally, I suspect a significant number of FTers do so...

https://www.bleepingcomputer.com/new...w-data-breach/

TLDR: Looks like Plex has been hacked. Plex is recommending resetting your password (out of an abundance of caution).

meiji Sep 10, 2025 9:00 am

If you run your own server, you may need to claim it again so be prepared for a bit of a pain in the ...

gfunkdave Sep 10, 2025 10:37 am

I just changed my password and didn't need to reclaim the server or anything. When you change the password just uncheck the box (or was it check the box?)...either way, tell it not to sign out all devices.

HDQDD Sep 10, 2025 7:52 pm

I think this is the second time Plex has been "hacked" in the 10 years or so I've been using it. I use a unique random username/password for every login so I'm not so worried about this one. If it were my bank or broker I'd be worried. :). Like any hack, I'd be interested to learn more about what happened, but sadly much of that never sees the light of day.

I think any company that is larger than x amount of users or y amount of revenue should: A) be subject to some level of cybersecurity disclosures and/or audits, and B) should have to disclose details of a compromise (after it's been patched), and perhaps: C) be financially penalized for loss of user information in their care (whether it's used nefariously or not).


StuckInYYZ Sep 10, 2025 9:12 pm


Originally Posted by HDQDD (Post 37313157)
I think this is the second time Plex has been "hacked" in the 10 years or so I've been using it. I use a unique random username/password for every login so I'm not so worried about this one. If it were my bank or broker I'd be worried. :). Like any hack, I'd be interested to learn more about what happened, but sadly much of that never sees the light of day.

I think any company that is larger than x amount of users or y amount of revenue should: A) be subject to some level of cybersecurity disclosures and/or audits, and B) should have to disclose details of a compromise (after it's been patched), and perhaps: C) be financially penalized for loss of user information in their care (whether it's used nefariously or not).

Something similar happened in 2022. Everyone should have unique passwords for all their logins. It's a pain, but a security breach involving you (as a user) is even more of a hassle. I always tell others to go beyond minimal when setting this stuff up, otherwise they're going to have more work to do later.

As for what companies should do, they should have a team that reviews their existing security processes at least semi-annually and updates (or sets up a project to update) their security processes... (e.g., the annual process realises that this new module for some reason isn't using encryption, should be updated or if not possible, figure a way to limit the damage it could cause).

cruser1 Sep 11, 2025 2:06 pm

Got the notification on one Plex account I own, but not the other.


All times are GMT -6.

