Plex Update: Notice of a Potential Security Incident
Key topics
What happened An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, and securely hashed passwords.
Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party. Out of an abundance of caution, we recommend you immediately reset your password by visiting https://plex.tv/reset. Rest assured that we do not store credit card data on our servers, so this information was not compromised in this incident.
What we're doing We've already addressed the method that this third party used to gain access to the system, and we're undergoing additional reviews to ensure that the security of all of our systems is further hardened to prevent future attacks.
What you must do We kindly request that you reset your Plex account password immediately by visiting https://plex.tv/reset. When doing so, there's a checkbox to "Sign out connected devices after password change," which we recommend you enable. This will sign you out of all your devices (including any Plex Media Server you own) for your security, and you will then need to sign back in with your new password. We understand that this means a little more work for you, but it will provide additional security to your account.
Additional Security Measures You Can Take We remind you that no one at Plex will ever reach out to you over email to ask for a password or credit card number for payments. For further account protection, we also recommend enabling two-factor authentication on your Plex account if you haven’t already done so.
Lastly, we sincerely apologize for any inconvenience this situation may cause you. We take pride in our security systems, which helped us quickly detect this incident, and we want to assure you that we are working swiftly to prevent potential future incidents from occurring.
For step-by-step instructions on how to reset your password, visit: https://support.plex.tv/articles/account-requires-password-reset
Thank you, The Plex Team
Plex notifies users of a security incident involving potential access to account information, prompting password resets and discussion around account security and alternative media streaming services.
Snapshot generated from the HN discussion
Discussion Activity
Moderate engagementFirst comment
5m
Peak period
9
0-6h
Avg / period
3
Based on 12 loaded comments
Key moments
- 01Story posted
Sep 8, 2025 at 6:09 PM EDT
4 months ago
Step 01 - 02First comment
Sep 8, 2025 at 6:15 PM EDT
5m after posting
Step 02 - 03Peak activity
9 comments in 0-6h
Hottest window of the conversation
Step 03 - 04Latest activity
Sep 12, 2025 at 10:24 AM EDT
4 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
I spent a lot of the summer of 2024 watching Tubi in the room of the other house with a stray cat that I failed to domesticate and figured FAST wasn't so bad after all. Last winter I switched back to Plex and I am so delighted with it. It's a consumer electronics experience to watch content off my server or FAST or live OTA TV or recorded OTA TV with a game console. With Plexamp I can listen to music off my server wherever I go on my phone and either listen to albums and tracks I choose or use the 'Deep Cuts' recommender which is just great because it challenges me to listen to stuff I don't always listen to.
That said, there's nothing more I dread than having to change my password on mobile and game console like devices -- one thing I really relish is being able to watch TV and movies on my game console and not have to log in every time (like it is watching DVDs) which was one of the many ways Jellyfin failed.
[1] https://en.wikipedia.org/wiki/Free_ad-supported_streaming_te...
Are Plex and Emby related somehow?
I've got Emby running here - selected for no better reason than several of my friends run it. I'd consider switching to Jellyfin if there were reasonable evidence showing that Emby was run by the Plex people - or if they started showing obvious signs of the enshittification playbook...
I was running both on the same hardware (Synology NAS via docker), and using the same client device (AppleTV). Jellyfin was painfully slow, via the native web interface to the point of being nearly unusable. On the AppleTV I tried both Swiftfin and Infuse. Swiftfin was painfully slow to the point of being unusable. Infuse was better once the caches loaded, but that took several hours of just navigating around the app. Once I did, the interface wasn’t one I liked and I seem to remember having issues with adding new files. I also has play back issues in one or more of the apps, I think.
As much as I’ve been concerned about the direction of Plex, it seems like the alternative isn’t up to the task. I remember installing the first version of Plex server probably over 15 years ago and it was smooth and fun to watch, with movie posters turned over as it loaded them in. Jellyfin felt like a chore.
Needless to say, I’m back on Plex. I’ll still keep an eye on alternatives in the space, but I’m really disappointed with all the people who have been shouting the Jellyfin name from the rooftops, saying it’s better than Plex. That was not my experience at all. Maybe on a much more powerful system, with a much smaller library? I’d love to see it become great, but it feels like they have a long way to go to really nail the basics while remaining performant.
I started using Jellyfin recently when the machine with my very old never-to-be-updated pre-en**ified Plex died. I ran Jellyfin in trials natively on Debian and Arch for about a year in anticipation of the switch, and with Docker on Manjaro. It seemed to be going strong on Debian but lost the plot on Arch over the course of several system updates. Currently I'm sticking to Docker on Manjaro. I'm using the same Intel N150 box for the Jellyfin server and playback without any performance problems. The video library is NFS mounted over wifi from a separate home file server.
Now use Jellyfin, which was difficult because our hisense tv only had Plex (had to 'hack' it to sideload), but at the server end (just a desktop running Kubuntu in the same subnet) has been great. Works well for me, just as Plex did 10(?) years ago.
Plex Security Incident - https://news.ycombinator.com/item?id=45174707