The streaming service Plex disclosed a “security incident” in which unnamed hackers stole potentially sensitive customer account information. Plex made the announcement on Tuesday, urging all customers to log out of all connected devices and reset their passwords as a precaution.

In its statement, Plex revealed it had discovered that “an unauthorized third party accessed a limited subset of customer data” from one of its databases. It claims to have quickly “contained” the incident, but that the accessed information included details like email addresses, usernames, passwords, and authentication data.

According to Plex, the passwords were “securely hashed,” which means that threat actors obtained them in an encrypted form. Without knowing who they are or what capabilities they possess, it’s impossible to say whether they are able to decrypt and access the stolen passwords.

However, Plex assured users that credit card details were not stolen as Plex does not store this information on its servers.

Regardless, Plex is urging customers to reset their passwords or sign out of all devices, depending on whether they use their passwords or SSO to sign in to the service. Furthermore, users are reminded to ignore any emails claiming to be from Plex support, especially if it’s to ask for login credentials or financial information.

Plex is a free-to-air streaming service available globally. It’s legal and runs on ad-supported movies and TV shows as well as over 200 live channels. Users can also create an account to upload, organize, and stream their own media from anywhere or subscribe to paid plans with additional premium features.

This comes just days after the data of 21+ million PrestaShop customers were found for sale on the dark web and a data breach at a major US dental practice affecting 1.2 million customers.