Attacker snags account details from streaming service Plex

Users of popular streaming and media organizing service Plex are waking up to an unpleasant email this morning saying, in the words of a Reg reader, "Plex have been hacked and their main site is down as we all rush to change passwords." The email, forwarded by several readers, states that a third-party attacker was able to …

  1. Anonymous Coward

    Password reset - but what about people using 3rd party signon

    Ok.

    I use Plex. I sign in using the SSO/Google option.

    I got the email.

    Am I meant to change my Google account password? Instructions unclear....

    1. Anonymous Coward

      Re: Password reset - but what about people using 3rd party signon

      Presumably the email was sent to all Plex accounts, regardless of whether they're signing in directly, or using a 3rd party OAuth provider.

    2. darkknight

      Re: Password reset - but what about people using 3rd party signon

      I use SSO/Google primarily - I did not get the Plex email to that address. I did get it to an old address that did not use any SSO.

  2. chivo243 Silver badge

    Plex...

    I tried to use it, had to create an account, reluctantly did that, then it was downhill, where's this we can't find that...

    If they have my login, I'm not really sure if anything is lost?

    My login name and password are unique to me... only email address is reused anywhere ;-}

  3. Paul Hovnanian Silver badge

    Hashed passwords

    What's the hash of "password1"?

    1. katrinab Silver badge
      Trollface

      Re: Hashed passwords

      10b222970537b97919db36ec757370d2

      1. BackToTheFuture

        Re: Hashed passwords

        Have a sprinkling of Salt with that:

        nNK320c7J7mzbI_e^JCGy|x_~/2wmNYv#&EmFXdtPLd[J|/1R[

  4. katrinab Silver badge
    Meh

    I switched to Jellyfin ages ago. It is entirely self-hosted. I'm not really sure what benefits you get from Plex.

    1. MattPi

      I tried Jellyfin too a little, and it's fine for *me* (clunky, requires some system knowledge like most people reading the comments here have), but I didn't feel like it was ready for the rest of my household to use. I should give it another whirl.

      1. katrinab Silver badge
        Meh

        Actually using it, if you have set it up, I would say is as easy as using something like Netflix. Set up a Samba share for the media folder, and adding things is as easy as copying files to it, and doing a rescan if you are too impatient to wait for the autoscan.

    2. tekHedd

      Ready for prime time (lol see what I did there)

      Endorsed.

      I switched to Jellyfin for the second time this summer and this time it stuck. It's entirely usable now with only a few minor glitches. And a *very* long initial scan when I accidentally pointed it at my largeish music library.

      I'm using the Roku app, the Android TV app and the web app and they all work.

  5. Roger Lipscombe

    I ditched Plex a while back -- we're using Emby these days. I wonder how I go about deleting my Plex account?

    1. Anonymous Coward
      Happy

      If you want to delete your Plex account, log into Plex, access your account page, and at the bottom there is an option in red which says 'Delete your account'.

      My money is on that one.

  6. Scott 26

    Cheery news to wake up to.

    But wasn't too laborious to change my password - the only thing extra I had to do was "claim" my media server once I was signed back in and it 'unlocked' my library.

    1. Captain Scarlet
      Mushroom

      Ah yes I reset my password without looking and then found I wasn't authorised for my Plex install. Impossible to claim back my server through the GUI, found the forum had around 30 people with the same issue as me.

      Instructions for claiming back were all over the place and different wherever you looked with forums having extra steps. Use the Linux instructions on the forums, the NAS instructions are cobblers.

      Just now raging my interface for tv and tablet reset (Thanks for removing all my server shortcuts and not adding them back when claimed!).

      Friend has Embery and is gloating, so think this is the kick needed to look at it and some others, as not interested in the spammy features being introduced and I pay yearly I expect to be able to log a proper support ticket (Reason my friend went to Embery when he had an issue with Plex Media Server randomly crashing and got told sorry nothing we can do even though he had PlexPass).

  7. Anonymous Coward

    It Was A Lot Of Faffing About...

    I got the email first thing this morning.

    The problem was that they sent it out, but were then obviously doing things to the Plex site. So it wasn't initially possible to change your password, and then you couldn't log in because Plex was down.

    Once I'd got through that, my Fire Cube decided it couldn't see my files because the password change had messed up the authorisations (from what I could gather from the messages). All was working on the NAS - eventually, because with Plex being intermittently down it kept tossing errors at me.

    I ultimately ended up deleting Plex on the Cube and reinstalling it, after which it wouldn't even show online content, let alone my NAS, and that was after not being able to use the Plex connect feature, because that was also intermittently down. But on the Plex forums it became clear that there were still issues and everyone else was having the same kinds of problems (once you filtered out the pointless discussions about what sort of password to use, which was about 95% of them, actually).

    Finally, I uninstalled and reinstalled it again this evening and it connected first time.

    Bloody annoying, though.

  8. tiggity Silver badge

    What subset?

    I registered years ago, tried it and it was not for me (ironically had various security concerns)

    The notify all users thing is irritating as no idea if my old, inactive account was included.

    .. though it does smell like they are not sure what data has been lost and are thus notifying everyone

  9. Frank Bitterlich

    Password not reset

    Apparently, they did not reset all passwords; I was able to log in today with a direct password, and was not asked to set a new one.

    The messy communications around this incident make me believe they were pretty much blindsided by it and didn't really have a plan for it.
