Important Notice of Security Incident
forums.plex.tv
We have recently experienced a security incident that may potentially involve your Plex account information. We believe the actual impact of this incident is limited; however, action is required from you to ensure your account remains secure. What happened An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords and authentication...

We have recently experienced a security incident that may potentially involve your Plex account information. We believe the actual impact of this incident is limited; however, action is required from you to ensure your account remains secure.

What happened

An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords and authentication data.

Any account passwords that may have been accessed were securely hashed, in accordance with best practices, meaning they cannot be read by a third party. Out of an abundance of caution, we recommend you take some additional steps to secure your account (see details below). Rest assured that we do not store credit card data on our servers, so this information was not compromised in this incident.

What we’re doing

We’ve already addressed the method that this third party used to gain access to the system, and we’re undergoing additional reviews to ensure that the security of all of our systems is further strengthened to prevent future attacks.

What you must do

If you use a password to sign into Plex: We kindly request that you reset your Plex account password immediately by visiting https://plex.tv/reset. When doing so, there’s a checkbox to “Sign out connected devices after password change,” which we recommend you enable. This will sign you out of all your devices (including any Plex Media Server you own) for your security, and you will then need to sign back in with your new password.

If you use SSO to sign into Plex: We kindly request that you log out of all active sessions by visiting https://plex.tv/security and clicking the button that says ”Sign out of all devices”. This will sign you out of all your devices (including any Plex Media Server you own) for your security, and you will then need to sign back in as normal.

Additional Security Measures You Can Take

We remind you that no one at Plex will ever reach out to you over email to ask for a password or credit card number for payments. For further account protection, we also recommend enabling two-factor authentication on your Plex account if you haven’t already done so.

Lastly, we sincerely apologize for any inconvenience this situation may cause you. We take pride in our security systems, which helped us quickly detect this incident, and we want to assure you that we are working swiftly to prevent potential future incidents from occurring.

For step-by-step instructions on how to reset your password, visit:https://support.plex.tv/articles/account-requires-password-reset

  • Saik0@lemmy.saik0.comEnglish
    105·
    12 hours ago

    You can use Jellyfin with wireguard and still have what Plex does.

    Okay… Run wireguard on a roku TV or other many other common media devices. You can’t…

    Unless you want to run an open streaming service (which would probably be illegal in most countries anyway).

    You can use Plex and JF both without actually hosting illegal content. You should still be worried about devs who refuse to fix a basic security issue that they actively block from being merged.

    90% of Plex users probably don’t need what Plex does and would be happy with Jellyfin.

    probably… and 99% of users likely have no idea how to secure things properly on their own. Which makes this whole premise even more dangerous for the “typical” person.

    • Vanilla_PuddinFudge@infosec.pubEnglish
      61·
      10 hours ago

      You can use Plex and JF both without actually hosting illegal content.

      Where’s the fun in that? We’re on Lemmy. Cut loose a little.

      • Saik0@lemmy.saik0.comEnglish
        11·
        11 hours ago

        Well… I mean… you can host your spank bank materials there. Fun is what you make of it.

    • Vanilla_PuddinFudge@infosec.pubEnglish
      57·
      11 hours ago

      Okay… Run wireguard on a roku TV or other many other common media devices. You can’t…

      Sucks for you. Android TV boxes can, Linux Media PCs can. Weird. Almost like you’re pirating media and you can’t be asked for a bit more effort.

      • Saik0@lemmy.saik0.comEnglish
        62·
        11 hours ago

        Sucks for LG tv people… and Samsung Tizen users… And all sort of other people too! But I guess you go out of your way to purchase hardware for everywhere that you go and want to watch TV then, eh?

        I sure as shit am not dragging a whole Media PC setup to a hotel with me. Or to my in-laws house. Or my aunt’s… But they all have a roku.

        Your answer is effectively throw money and support at it… which isn’t really a good answer. Especially the moment the user isn’t strictly “you”.

        • Vanilla_PuddinFudge@infosec.pubEnglish
          58·
          11 hours ago

          I sure as shit am not dragging a whole Media PC setup to a hotel with me.

          I’m sure as shit not paying a third-party a subscription for piracy.

          Push-pull, Plex kiddie. If it was easy, everyone would do it. I guess you don’t care enough about your own media being yours. I like security, it’s why I use a VPN with Jellyfin and don’t just freely give my media over to a company to take care of.

          Checks the OP

          Oh yeah, this entire thread is about Plex being hacked, not Jellyfin. I remember now. Why should any of us be on the backfoot if you guys are the ones fucking up?

          • Saik0@lemmy.saik0.comEnglish
            72·
            11 hours ago

            I’m sure as shit not paying a third-party a subscription for piracy.

            I bet you’re wrong on this. You very likely either pay for a VPN subscription that you primarily have for torrenting content, or for usenet access to get content.

            I guess you don’t care enough about your own media being yours.

            LMAO. I love that the previous sentence you admit to piracy then claim it all to be yours.

            and don’t just freely give my media over to a company to take care of.

            Neither do I. Now you’re just making shit up.

            • Vanilla_PuddinFudge@infosec.pubEnglish
              27·
              10 hours ago

              You very likely either pay for a VPN subscription that you primarily have for torrenting content, or for usenet access to get content.

              Anonymously, using monero, get on my level.

              LMAO. I love that the previous sentence you admit to piracy then claim it all to be yours.

              Sure do, don’t care, either. Morality is for subscription payers. Speaking of which…

              Now you’re just making shit up.

              Forget that Plex subscription comes out monthly, huh?

              • Rekorse@sh.itjust.worksEnglish
                51·
                6 hours ago

                You dont know enough about plex to be able to accurately criticize it, which is undermining your point.

              • Zeoic@lemmy.worldEnglish
                51·
                7 hours ago

                What makes you think they pay a monthly subscription? That is an uncommon and unnecessary part of running a plex server. Most would have either bought lifetime or stayed on the free version.