The Plex media streaming platform is sending password reset notices to many of its users in response to discovering unauthorized access to one of its databases.
According to the letter that a reader shared with BleepingComputer, the intruder potentially accessed a limited subset of data, including email addresses, usernames, and encrypted passwords.
"Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution, we are requiring all Plex accounts to have their password reset,"
claims Plex's notice.
"Rest assured that credit card and other payment data are not stored on our servers at all, and were not vulnerable at this incident".
Plex claims that it has identified the means by which the third-party accessed the database and addressed the problem to harden its systems and prevent similar incidents from re-occurring in the future.
Troy Hunt, creator of data breach monitoring service '
Have I Been Pwned' also found himself among the impacted users.
