Plex GmbH Data Breach Affects User Accounts

On Sept. 5, 2025, Plex, a provider of media server and streaming software, disclosed a data breach that exposed personal information belonging to its users. An investigation determined that an unauthorized actor accessed sensitive customer data on a Plex database.

According to the company’s official notice of security incident, the exposed data included email addresses, usernames, securely hashed passwords and authentication data. Plex has not disclosed the total number of affected users, but it is believed to be in the millions.

Compromised username and password details puts users at risk as many people have a tendency to use the same information across multiple platforms that require a login.

Plex's response

After discovering the breach, Plex GmbH took steps to contain the incident and secure its systems. The company initiated a forced password reset for all affected accounts, requiring users to set new, strong passwords.

Plex also recommended that users enable two-factor authentication (2FA) for additional protection. In their security incident notice, Plex provided detailed instructions on how to reset passwords and activate 2FA.

If you received a data breach notice or believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Plex and follow the password reset and two-factor instructions.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

For more information about the streaming platform, visit the Plex website.