- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
Plex data breach
Posted on 8/24/22 at 8:16 am
Posted on 8/24/22 at 8:16 am
Looks like Plex.tv had a data breach yesterday... might want to reset any passwords for your accounts, and if 2FA is not yet enabled for your account, consider doing so.
quote:
Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords.
2
Posted on 8/24/22 at 8:20 am to dakarx
yep. got the same notice. i'm going to check reddit to see if there's more info there. 
get it together, plex. second time my server has been compromised in the last year.
get it together, plex. second time my server has been compromised in the last year.
Posted on 8/24/22 at 8:53 am to CAD703X
quote:
second time my server has been compromised in the last year.
Your server wasn't compromised in any way.
Posted on 8/24/22 at 9:09 am to dakarx
Would this be an issue if we use google account to sign in?
Posted on 8/24/22 at 9:21 am to The Eric
Probably not. They didn't send the notice to users who login with Google credentials.
Posted on 8/24/22 at 10:45 am to j1897
quote:
Your server wasn't compromised in any way.
glad you're so on it.
my server was taken over by an email address in India. I was out of town at the time and had to let a friend in remotely to shut my PC completely down until I could get home and sort it out.
So you don't know WTF you are talking about.
Plex didn't even send an email to me asking to verify about the email address change. They just blindly switched it to AbCidett3234-354485@blah.in without even informing me.
I had to rebuild the entire server from scratch since the other user was busy deleting media when I caught it.
I even posted about it on here but keep on pretending you know me.
I take data breaches a little seriously at plex after that.
and yes i created a new very complex password and enabled 2-factor authentication since then but WTF plex. You didn't even send an email to my existing address asking if it was ok before you allowed someone else to hijack my server with a sketchy-arse email address?
This post was edited on 8/24/22 at 11:05 am
Posted on 8/24/22 at 12:30 pm to CAD703X
quote:
enabled 2-factor authentication
Thanks for sharing your pain. I just enabled this!
Plex is forcing everyone to change their password and I don't know if I was trying to do it at the same time millions other were trying but it was not a smooth process. At all!
Posted on 8/24/22 at 12:45 pm to Jimbeaux28
quote:
Plex is forcing everyone to change their password and I don't know if I was trying to do it at the same time millions other were trying but it was not a smooth process. At all!
The password reset process is working better now than it was first thing this morning when all of America woke up and tried to do it at once.
Posted on 8/24/22 at 4:27 pm to sahikojones
Did a password change this morning as well...total cluster and took way too long to do.
Posted on 8/24/22 at 4:45 pm to Jimbeaux28
quote:
Plex is forcing everyone to change their password
They haven't tried to force me yet. At least I don't think so. I just use my username to login.
Posted on 8/24/22 at 9:09 pm to CAD703X
quote:
had to rebuild the entire server from scratch since the other user was busy deleting media when I caught it.
Why would you allow Plex write access to your library? Should be mounted read only...
Posted on 8/25/22 at 8:18 am to CAD703X
You: "my server was compromised" (present tense)
Me: "no it wasn't" (present tense)
You: "blah blah blah indian guy" (past tense)
Like seriously, wtf are you going on about?
Me: "no it wasn't" (present tense)
You: "blah blah blah indian guy" (past tense)
Like seriously, wtf are you going on about?
Posted on 8/25/22 at 12:26 pm to CAD703X
quote:
CAD703X
Check ya email sir
Posted on 8/25/22 at 2:41 pm to dakarx
quote:
Why would you allow Plex write access to your library?
TV shows for me. Why make myself walk to a computer?
Posted on 8/25/22 at 3:31 pm to CAD703X
quote:
Plex didn't even send an email to me asking to verify about the email address change.
If you wanted Plex to verify both 1) your password and 2) your email address to modify settings, that's called 2 Factor Authentication.
quote:
yes i created a new very complex password and enabled 2-factor authentication since then but WTF plex
so you're running a server wide open to the internet, didn't have 2FA on, and someone got your password, and you're mad at plex for not checking 2 factors?
quote:
second time my server has been compromised in the last year.
nope
Posted on 8/25/22 at 3:38 pm to j1897
quote:
Why would you allow Plex write access to your library?
quote:
Why make myself walk to a computer?
You can do the former without having to do the latter
Posted on 8/25/22 at 4:52 pm to j1897
quote:coming from the fricking idiot who selectively cut my response.
You: "my server was compromised" (present tense)
Me: "no it wasn't" (present tense)
You: "blah blah blah indian guy" (past tense)
Like seriously, wtf are you going on about?
I was pretty clear what happened the last time Plex screwed me but I understand if that's hard for you to follow along with.
Posted on 8/25/22 at 4:55 pm to efrad
quote:no I just wanted them to send an email to my existing address to confirm someone was trying to change the email address used for the last 10 years to some strange email coming from the other side of the world with a link that said 'no I didn't request this change' and 'yes let the hacker in India have it'.
you wanted Plex to verify both 1) your password and 2) your email address to modify settings, that's called 2 Factor Authentication.
You know.. Like every other online company has been doing for a decade before blindly changing it.
quote:wut?
you're running a server wide open to the internet, didn't have 2FA on, and someone got your password, and you're mad at plex for not checking 2 factors?
It's running Plex server and I'm talking about their 2FA option to login into Plex, not 2FA on my PC.
My computer doesn't have remote desktop running so nobody including me can log in except when I'm on my local network. What are you talking about?This post was edited on 8/25/22 at 5:18 pm
Posted on 8/25/22 at 5:48 pm to CAD703X
quote:
It's running Plex server and I'm talking about their 2FA option to login into Plex, not 2FA on my PC. My computer doesn't have remote desktop running so nobody including me can log in except when I'm on my local network. What are you talking about?
I didn't say shite about remote desktop. You said someone breached your Plex account and was deleting media. Maybe I assumed too much but that sounds like someone logged into the Plex interface using your Plex account, which your server grants access to, and from there deleted media from your server. Sounds like shite security to me.
Posted on 8/25/22 at 5:49 pm to CAD703X
quote:
coming from the fricking idiot who selectively cut my response.
You said your server was compromised, it wasn't. Now you're big mad.
Page 1 of 2
Popular
Back to top
Follow TigerDroppings for LSU Football News