Plex: Potential Data Breach, Password resetting required

Manbatius · Wednesday at 07:40

Thread bump, I just had this email yesterday, there's an article on tech radar this morning about it.

robj20 · Wednesday at 07:52

glenimp617 said:
Surely the passwords were encrypted?

Yes, still a precaution to change your password, just a standard procedure.

robj20 · Wednesday at 07:53

Rainmaker said:
When I reset the password on the account, I kicked off all existing devices so everyone had to sign in again. I also went into my Authorized Devices menu, and saw that actually despite saying they'd cleared it, users going back months were listed. I manually removed them all, and lo and behold - the kids can still open Plex and click their user and sign in with no authorisation or challenge. Something's still seriously borked at Plex's end.

Depends how you logged them in, I only login on my server and account. All the clients use the TV link code so I guess they don't get kicked out.

Rainmaker · Wednesday at 07:55

robj20 said:
Depends how you logged them in, I only login on my server and account. All the clients use the TV link code so I guess they don't get kicked out.

I posted that 3 years ago mate, and the affected users were email/password logins.

glenimp617 · Wednesday at 09:16

robj20 said:
Yes, still a precaution to change your password, just a standard procedure.

it's ok, I deleted my account years ago. Shamed it's happened again tho

V_R · Wednesday at 13:44

Ah I had forgotten I made this thread in 2022, yeah got that same email again yesterday, changed my password as a caution, although it's a random one managed by a password manager.

Reddit - The heart of the internet

www.reddit.com

spudbynight · Wednesday at 13:46

Just a reminder - does everyone have 2FA on their account setup?

ALD · Wednesday at 15:08

spudbynight said:
Just a reminder - does everyone have 2FA on their account setup?

Yes, since the last time this happened.

RobDogDog · Wednesday at 15:37

Got the email today. Luckily it's a random password.

rp2000 · Wednesday at 15:45

No 2FA here but I did reset the password. Had the email a couple of days ago.

rp2000

Illusion · Wednesday at 18:58

I got this and forgot about it so glad I saw the thread as a reminder

Kainz · Wednesday at 20:29

Sorted my server out earlier and enabled 2FA after getting that email. I use Infuse mostly these days so I'd forgot about 2FA not being enabled.

andy_mk3 · Wednesday at 20:32

I use random password ans 2FA so not too bothered. Will reset it soon though.

rp2000 · Wednesday at 20:52

I closed all the ports.

rp2000