Plex hacked: passwords, usernames and email addresses affected
Click here to post a comment for Plex hacked: passwords, usernames and email addresses affected on our message forum
anticupidon
Oops.
Dragam1337
Hadn't seen the mail - changed PW right away now ! Thanks for the heads up
WhiteLightning
Moderator
changed it, had 2 factor authentication on anyways.
anticupidon
Glad I went with Jellyfin.
gUNN1993
I mean they could have been hacked and just not told you about it
anticupidon
True. Nothing is ever 100% secure.
Tat3
Plex? Never heard about it before. 20million users...
Jellyfin? Not heard about that either...
0blivious
I use it for free on a local network with external access for PLEX blocked. It's never had any of my personal data or CC#s beyond just an email address.
I'll change all the affected devices, but am I missing something? Not sure what exposing my video playlists/habits is going to nefariously accomplish. I suspect this is more scary for people who pay and use PLEX on the road (open to web).
DarkQuark
I doubt anyone was after anything outside of usernames, emails and passwords. That sounds somewhat less egregious but such things are used for credential stuffing attacks. This affects a lot of people that reuse passwords which is probably most people. So while maybe all they did was get your Plex credentials if you reuse them at your bank or whatever then you are at risk.
From what I understand, to Plex's credit, they notified everyone VERY quickly and they did even force password resets. I know this because I got the email in the wee hours of the morning and I went to change my password and it was already forcing me to reset. I have used Plex for years and I do use it remotely and I have to this point (knock on wood) not had any security issues.
Agonist
And clown comment goes too.....
Plex handled this very well.
Krizby
Change password for every other site too...
anticupidon
There we go with all of this. If it makes you happy.
Thanks, I just love posting here. Replies like yours makes G3D a wonderful place.
Cheers!
gUNN1993
Also the passwords were all encrypted, so probably not actually an issue (although ofc still change password just in case)
schmidtbag
I tried Plex for a few days and other than compatibility with more file formats, I just didn't really care that much. Back when I still used a smart TV, I just used miniDLNA - works with the most basic apps, uses practically no resources on your server, works on just about any CPU architecture, and gets the job done just fine.
Now, I don't use either. I just have my computers play media files directly.
The1Mistifier
I'm a long time Plex user and never got the email, so thanks for this heads-up - everything changed 😀
Dribble
Not strictly true - when they didn't have encripted pw'd it's hard for them to crack. Now they have got the file with them all in they can run over them at some huge rate and will probably have most of them cracked in a few days. If your password uses words and the standard tricks for replacement it will probably be decoded.
gUNN1993
Wow that's madness, well glad I use 20 character randomly generated then XD
crashburn162
If you log in with Google you don't have a password so nothing to steal I guess 🙂 .
Venix
I never used anything like that ....hell I did not even knew the service ! And nowdays I just user the build in droidcast in my phone battery is not and issue and I do not even have to move my royal butt anymore 😛
