Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Plex Asks Users to Reset Passwords Following Data Breach

Crap my Plex account used an old pw I used back in the day when I reused the same PW (as many of us did). Looks like I'm going to have to go through and mass change all my older account passwords. Thanks Plex.

At least they admitted it.
 
bLackjackj said:
As mentioned, if you have the server open, open Plex and change your password. Set a PIN and 2FA,..make sure to check the box for logging out of all existing connections. Once done, you're all good.
Click to expand...
I think you replied to the wrong comment. I know how the process works. Their password reset page was just down.
 
boombass said:
Now Plex does not even see the server software installed on my Synology NAS. It was working just this morning. This is frustrating.
Click to expand...
Go to the IP address of your NAS plus :32400 so 192.168.1.20:32400 for example and then re-login to Plex there and claim the server as well if needed.
 
bLackjackj said:
Accounts have just been compromised & you want to recommend an unauthorized script to claim your server??!!

If you are having an issue, contact PLEX,..don't use potentially risky scripts!
Click to expand...
I get your meaning, but if you look at the bash script…it’s just inserting the new server claim token into the preferences file.

But you’re totally right: don’t run shell scripts you don’t understand!
 
Is there a way to connect to your locally hosted plex server to continue watching when plex is down?
 
groove-agent said:
Crap my Plex account used an old pw I used back in the day when I reused the same PW (as many of us did). Looks like I'm going to have to go through and mass change all my older account passwords. Thanks Plex.

At least they admitted it.
Click to expand...
Many of us never used the same password across sites. What surprises me is you apparently understood the risk of doing so, but hadn’t done anything about it until a confirmed hack.

Unfortunately I think many of these companies have a similar lax attitude toward security and that’s why they get hacked, from incompetence and laziness.
 
  • Like
Reactions: russell_314
planteater said:
Many of us never used the same password across sites. What surprises me is you apparently understood the risk of doing so, but hadn’t done anything about it until a confirmed hack.

Unfortunately I think many of these companies have a similar lax attitude toward security and that’s why they get hacked, from incompetence and laziness.
Click to expand...

You say "many of us never used the same password". I help people all the time with computers, and I can tell you that most of them *DO* use the same passwords, especially older users. I'm not sure how you can speak for whatever "many of us" is, or what population sample "many of us" represents, but I'm sure you don't represent the majority of the population because that would be impossible unless a study was done.

I can't speak for you, but I've been using the internet since before there were web browsers. Back in the day, there was little knowledge of the internet and thus very little ads, and hacking.

As more and more businesses became online it now became difficult to remember different passwords for each business, but hacking was still not prevalent yet. That's when a lot of us probably started using the same passwords. The main fault of passwords at that point were having passwords that were too easy to guess which were vulnerable for brute force attacks.

Once the hacking started becoming an issue, I personally started to switch up the passwords and kept an encrypted file in a program that was password protected. I went back and proactively changed the critical accounts (such as email) but by then there were dozens of less significant accounts that needed to be changed so I prioritized most of the critical accounts (not Plex).

In the last few years there has been significant awareness for password re-use due to the proliferation of cyber crimes and smaller businesses (and larger aka Facebook) who don't bother with proper security. Safari warns you about re-use of passwords and offers to generate them these days. Every new account of mine gets it's own unique password, but there were still a few old accounts left that should be changed thanks to the Plex hack.

So if you think that I didn't even consider security and did nothing about it, you couldn't be more wrong. You need to stop making assumptions about others and condemning them with your holier-than-thou attitude.
 
  • Like
Reactions: russell_314
groove-agent said:
You say "many of us never used the same password". I help people all the time with computers, and I can tell you that most of them *DO* use the same passwords, especially older users.
Click to expand...
I’ve done it for years but in 2022 there really is no reason to do this. You can use a password manager like 1Password or even the built-in password manager in macOS. It will generate secure passwords and each website will have a unique one. If you have a bunch of accounts it’s going to take a little bit but it’s well worth the peace of mind. Also consider adding two factor authentication to your most important accounts like banking and email accounts associated with those banking accounts.

It’s a very common tactic where hackers will attack an easy target and then try those same credentials on other sites like banking websites.

No judgment from me just some advice. If I see someone doing something that I think might be a little crazy I will say hey maybe don’t do that but if they want to do it then that’s their choice. Everyone has to do their own thing.
 
groove-agent said:
You say "many of us never used the same password". I help people all the time with computers, and I can tell you that most of them *DO* use the same passwords, especially older users. I'm not sure how you can speak for whatever "many of us" is, or what population sample "many of us" represents, but I'm sure you don't represent the majority of the population because that would be impossible unless a study was done.

I can't speak for you, but I've been using the internet since before there were web browsers. Back in the day, there was little knowledge of the internet and thus very little ads, and hacking.

As more and more businesses became online it now became difficult to remember different passwords for each business, but hacking was still not prevalent yet. That's when a lot of us probably started using the same passwords. The main fault of passwords at that point were having passwords that were too easy to guess which were vulnerable for brute force attacks.

Once the hacking started becoming an issue, I personally started to switch up the passwords and kept an encrypted file in a program that was password protected. I went back and proactively changed the critical accounts (such as email) but by then there were dozens of less significant accounts that needed to be changed so I prioritized most of the critical accounts (not Plex).

In the last few years there has been significant awareness for password re-use due to the proliferation of cyber crimes and smaller businesses (and larger aka Facebook) who don't bother with proper security. Safari warns you about re-use of passwords and offers to generate them these days. Every new account of mine gets it's own unique password, but there were still a few old accounts left that should be changed thanks to the Plex hack.

So if you think that I didn't even consider security and did nothing about it, you couldn't be more wrong. You need to stop making assumptions about others and condemning them with your holier-than-thou attitude.
Click to expand...
If you work in IT, you surely are made to watch yearly videos about security. Yet you came here and publicly stated that you knew you should change your passwords but didn’t. Yes, it is the individual that puts most businesses in security jeopardy.
 
Last edited:
russell_314 said:
I’ve done it for years but in 2022 there really is no reason to do this. You can use a password manager like 1Password or even the built-in password manager in macOS. It will generate secure passwords and each website will have a unique one. If you have a bunch of accounts it’s going to take a little bit but it’s well worth the peace of mind. Also consider adding two factor authentication to your most important accounts like banking and email accounts associated with those banking accounts.

It’s a very common tactic where hackers will attack an easy target and then try those same credentials on other sites like banking websites.

No judgment from me just some advice. If I see someone doing something that I think might be a little crazy I will say hey maybe don’t do that but if they want to do it then that’s their choice. Everyone has to do their own thing.
Click to expand...

Yep, phishing scams get an email and password then check common accounts such as amazon etc to see if it's the same password. This is why it's better to have a username instead of an email address for your login (like Macrumors does).

I use two factor authentication and authentication apps on all my critical accounts if they offer it. Also Safari's password manager works well, but not 100%. I was hoping for a 1password-like app for the new Ventura/ iPadOS/ iOS.
 
  • Like
Reactions: russell_314
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back