Plex, the popular media server platform, has confirmed a security incident that may have exposed some user information. The company has notified customers via email and press release, urging immediate action to protect accounts.

“We have recently experienced a security incident that may potentially involve your Plex account information,” the company wrote to affected users. “We believe the actual impact of this incident is limited; however, action is required from you to ensure your account remains secure.”

According to Plex, the breach was contained quickly, but “an unauthorized third party accessed a limited subset of customer data from one of our databases.” The compromised information included “emails, usernames, securely hashed passwords and authentication data.”

The company emphasized that passwords were not exposed in plain text. “Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party,” Plex stated. Still, as a precaution, it is requiring all users to reset their credentials.

Plex recommends checking the option to “sign out connected devices after password change,” which “will sign you out of all your devices (including any Plex Media Server you own) for your security, and you will then need to sign back in with your new password.”

For users who sign in with single sign-on (SSO), Plex instructs logging out of all active sessions.

Importantly, Plex confirmed that “we do not store credit card data on our servers, so this information was not compromised in this incident.”

The company says it has already addressed the vulnerability that led to the breach. “We’ve already addressed the method that this third party used to gain access to the system, and we’re undergoing additional reviews to ensure that the security of all of our systems is further strengthened to prevent future attacks,” Plex explained.

Plex also reminded users to be on guard against phishing attempts: “No one at Plex will ever reach out to you over email to ask for a password or credit card number for payments.” Enabling two-factor authentication is strongly encouraged as an additional layer of security.

In closing, Plex apologized for the disruption. “We sincerely apologize for any inconvenience this situation may cause you. We take pride in our security systems, which helped us quickly detect this incident, and we want to assure you that we are working swiftly to prevent potential future incidents from occurring.”