Plex

Plex confirmed a security breach where an unauthorized party accessed one of its databases, exposing a subset of customer data. The compromised information included **email addresses, usernames, and securely hashed passwords**, though Plex emphasized that passwords were hashed per industry standards (algorithm undisclosed). While payment card data was not at risk—since Plex does not store such details—the incident marks the company’s **second major breach in recent years**, following a similar 2022 attack. Plex contained the breach swiftly and mandated password resets for all users, advising additional precautions like enabling **two-factor authentication (2FA)** and logging out of active sessions. The company fixed the exploited vulnerability but did not disclose technical specifics or remediation steps. The exposure of **customer credentials** raises risks of credential-stuffing attacks or phishing attempts, despite the hashing protection.

Source: https://dataconomy.com/2025/09/09/plex-data-breach-exposes-user-emails-usernames-and-hashed-passwords/

TPRM report: https://www.rankiteo.com/company/plex-by-rockwell-automation

"id": "ple3792537090925",
"linkid": "plex-by-rockwell-automation",
"type": "Breach",
"date": "6/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Media/Streaming Services',
                        'name': 'Plex',
                        'type': 'Company'}],
 'customer_advisories': ['Mandatory password reset for all users.',
                         'Enable 2FA for enhanced security.',
                         'Log out of all sessions for SSO users.',
                         'Plex will not request sensitive information via '
                         'email.'],
 'data_breach': {'data_encryption': 'Partially (passwords were hashed; other '
                                    'data likely unencrypted)',
                 'data_exfiltration': True,
                 'personally_identifiable_information': ['Email addresses',
                                                         'Usernames'],
                 'sensitivity_of_data': 'Moderate (no payment data; passwords '
                                        'hashed but algorithm undisclosed)',
                 'type_of_data_compromised': ['Email addresses',
                                              'Usernames',
                                              'Securely hashed passwords']},
 'description': 'Plex confirmed a security incident where an unauthorized '
                'party accessed one of its databases, exposing a subset of '
                'customer data including email addresses, usernames, and '
                'securely hashed passwords. The breach was quickly contained, '
                'and Plex advised all users to reset their passwords. This '
                'marks the second major security issue for Plex in recent '
                'years, following a similar 2022 breach.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'second breach in recent years',
            'data_compromised': ['Email addresses',
                                 'Usernames',
                                 'Securely hashed passwords'],
            'identity_theft_risk': 'Low (passwords were hashed, but algorithm '
                                   'not disclosed; brute-force risk remains)',
            'payment_information_risk': 'None (Plex does not store payment '
                                        'card information)',
            'systems_affected': ["One of Plex's databases"]},
 'investigation_status': 'Ongoing (vulnerability fixed; technical details not '
                         'disclosed)',
 'post_incident_analysis': {'corrective_actions': ['Fixed the exploited '
                                                   'vulnerability',
                                                   'Enforced password resets '
                                                   'and 2FA recommendations']},
 'recommendations': ['Users should reset passwords via plex.tv/reset and '
                     "select 'Sign out connected devices after password "
                     "change'.",
                     'Single Sign-On (SSO) users should log out of all '
                     'sessions via plex.tv/security and reauthenticate.',
                     'Enable two-factor authentication (2FA) for added '
                     'security.',
                     'Remain vigilant against phishing attempts (Plex will '
                     'never request passwords or payment details via email).'],
 'references': [{'source': 'Plex Official Notification',
                 'url': 'https://plex.tv/reset'}],
 'response': {'communication_strategy': ['Public notification',
                                         'User advisories for password reset '
                                         'and 2FA enablement',
                                         'Clarification that payment data was '
                                         'not at risk'],
              'containment_measures': ['Breach was quickly contained'],
              'incident_response_plan_activated': True,
              'remediation_measures': ['Fixed the exploited vulnerability '
                                       '(technical details not disclosed)',
                                       'Mandatory password reset for all '
                                       'users']},
 'title': 'Plex Database Breach Exposes Customer Data',
 'type': 'Data Breach'}