If you use the Plex media server for your movie and TV library and have ever used the Plex forums, you'll need to change your password this morning. The company announced its forum servers were hacked, leaving email addresses, forum messages and hashed passwords vulnerable.
The company says that only users who have used the Plex forums should be affected. That being said, it may still be worth resetting your password on the off chance you created a forum account that was merged with your regular Plex account, and then forgot about it (like I did). Plex also points out that credit card and payment data are not stored on their servers at all, so financial information should be safe.
The company sent out an email this morning to its users notifying affected users of the hack. While Plex says that the passwords that were stolen were hashed and salted and, thus, should be safe, it's still a good idea to change your password. If you visit the site while logged in with an affected account, you will be automatically redirected to the "Change your password" screen, so it shouldn't be too hard. You also should have gotten an email with a link to the page where you can change your password.
Here is the text of the email the company sent out:
Dear Plex User,
Sadly, we became aware this afternoon that the server which hosts our forums and blog was compromised. We are still investigating, but as far as we know, the attacker only gained access to these parts of our systems. Rest assured that credit card and other payment data are not stored on our servers at all.
If you are receiving this email, you have a forum account which is linked to a plex.tv account. The attacker was able to gain access to IP addresses, private messages, email addresses and encrypted forum passwords (in technical terms, they are hashed and salted). Despite the password encryption measures, we take your privacy and security very seriously, so as a precaution, we're requiring that you change your password.
Be sure to choose a strong password, never share it, and never re-use passwords for different accounts! Even better, use a password manager (1Password, for example) to manage a unique password for you. Access to your Plex account will be blocked until you do so.
Please follow this link to choose a new password.
We're sorry for the inconvenience, but both your privacy and security are very important to us and we'd rather be safe than sorry!
We will post more detailed information on our blog shortly. Thanks for using Plex!
The Plex Team
Plex has not yet posted on its company blog with more details about the hack, but we'll update this post when they do. Update: The company has updated its blog with more information about the hack here.