Streaming media service Plex has announced a data breach that compromised the account information of its users. The company says a third party gained unauthorized access to data including usernames, emails, and passwords. It is requiring all its users to change their passwords immediately to keep out of harm’s way.

Plex is notifying its users of the data breach over email. Funnily enough, Troy Hunt of Have I Been Pwned, a website that allows anyone to check whether their personal data available on online platforms has been compromised by data breaches, was also “pwned”. He shared a screenshot of the email he received on Twitter.

In the email, Plex states that the bad actor only accessed a limited subset of its user data. Moreover, the company notes that it stores passwords in an encrypted form, “hashed and secured in accordance with best practices”. However, it is still requiring a password change for all its uses “out of an abundance of caution”. The company is also encouraging users to sign out of all connected devices after changing the password and signing in again with the new password.

“This is a headache, but we recommend doing so for increased security,” Plex said. Unfortunately, as Hunt notes, checking the button that signs you out of connected devices after a password change leads to an error. It prevents you from changing the password. Unchecking it lets you change your Plex password, though. Hopefully, the company will address this problem soon as it prevents users from doing what it recommends them to do.

Plex data breach did not compromise payment data

Plex added in its email to users that it does not store your credit card or any other payment data on its servers. So this data breach does not pose any direct financial risk. The company also confirmed that it has addressed the loophole that the bad actor leveraged to gain access to its servers. It has also strengthened the security measures to prevent future breaches.

However, these kinds of breaches happen quite frequently and you can’t do anything about it. But what you can do is use a password manager to generate unique and strong passwords for your apps and online accounts. It’s never a good idea to use the same password across multiple platforms. Additionally, you should also use two-factor authentication (2FA) for added security. There are plenty of authenticator apps or password managers to choose from.