Plex Server Breached : Change Your Passwords Now

Yesterday, the news of a data breach at streaming services provider Plex spread like wildfire. Plex is sending email messages to all its users about a breach at one of their servers and they are explaining that only a small set of the whole database seems to be compromised.

In this email message, Plex Security team has explained that all the user passwords were stored in their hashed formats which is only one way encryption and cannot be easily decrypted. But in order to ensure the security of all of their users, they are asking everyone to do two things – change the account password and logout from all the devices before signing-in with the new changed passwords.

How to Change Plex Password

In order to change the password, you can visit https://www.plex.tv/ in any of your secure web browsers like Chrome or Vivaldi. You have to first login using your existing password. After you have signed in to your Plex account, you can click on your profile picture shown in the top-right corner and select Account Settings from the menu.

Plex Change Password

This is going to take you to the Plex account webpage. From here we can click on the Edit next to Password under the Security section. You will have to supply a new password twice and the old password once. Web browsers like Firefox and Chrome offer to generate strong passwords for you. You can also use tools like Norton Password Generator for creating very strong passwords for your online accounts.

Plex Change Password

Make sure to select the checkbox to sign out the connected devices after password change. Finally, you can click on the Save Changes button to change the password. You will have to login again using your new password.

How to Enable Two-Factor Authentication for Plex Account

The option for enabling two-factor authentication (2FA) appears next to the option for changing the password. For enabling the 2FA for your Plex account, you have to first verify your email address. You can click on the Enable button shown for the 2FA for your Plex account. This will show a QR code on your screen.

Plex Change Password

This QR code should be scanned using your smartphone through an app like Microsoft Authenticator, Google Authenticator, Authy, or FreeOTP. You can also search for “2FA” on Google Play store for Android smartphones or on Apple App Store to find these apps. You have to use only one of these app. If you are unsure, then you should go with the Google Authenticator app it is very popular, available for all platforms and used by millions of users worldwide.

Plex Change Password

After scanning the QR code, these apps add your Plex account to their code list and display a time based code which changes every few seconds. You have to enter this code displayed by these apps back on your computer screen  that was displaying the QR code and click on the Continue button.

Just like with changing the password, you can also choose to “Sign out of all other servers and apps” after enablng 2FA for your Plex account. After you have enabled 2FA, you will have to enter the code generated by the 2FA app on your mobile phone in addition to the password for signing in to your Plex acocunt.