[PLEX] Important notice of a potential data breach

I just got this email. You might want to change your PLEX password and any other account that shares the same password (you really shouldn't have done that anyway though)

Dear Plex User,
We want you to be aware of an incident involving your Plex account information yesterday. While we believe the actual impact of this incident is limited, we want to ensure you have the right information and tools to keep your account secure.
What happened
Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident.
What we're doing
We've already addressed the method that this third-party employed to gain access to the system, and we're doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions. While the account passwords were secured in accordance with best practices, we're requiring all Plex users to reset their password.
What you can do
Long story short, we kindly request that you reset your Plex account password immediately. When doing so, there's a checkbox to "Sign out connected devices after password change." This will additionally sign out all of your devices (including any Plex Media Server you own) and require you to sign back in with your new password. This is a headache, but we recommend doing so for increased security. We have created a support article with step-by-step instructions on how to reset your password here.
We'd also like to remind you that no one at Plex will ever reach out to you to ask for a password or credit card number over email. For further account protection, we also recommend enabling two-factor authentication on your Plex account if you haven't already done so.
Lastly, we sincerely apologize to you for any inconvenience this situation may cause. We take pride in our security system and want to assure you that we are doing everything we can to swiftly remedy this incident and prevent future incidents from occurring. We are all too aware that third-parties will continue to attempt to infiltrate IT infrastructures around the world, and rest assured we at Plex will never be complacent in hardening our security and defenses.
For step-by-step instructions on how to reset your password, visit: https://support.plex.tv/articles/account-requires-password-reset
Thank you,
The Plex Security Team

Thanked by (1)chocolateshirt

Comments

  • So many breaches happening

  • It just seems nuts that people let some company host this stuff for them, instead of self-hosting. That's an awful lot of linux isos.

    Thanked by (1)vyas
  • @willie said:
    It just seems nuts that people let some company host this stuff for them, instead of self-hosting. That's an awful lot of linux isos.

    @ehab’s “soap” collection

    Thanked by (1)Falzo

    ———-
    blog | exploring visually |

  • @willie said:
    It just seems nuts that people let some company host this stuff for them, instead of self-hosting. That's an awful lot of linux isos.

    Host what stuff?

    Thanked by (3)ialexpw Wolveix skorous
  • edited August 2022

    Just got an email from hetzner too about an abuse. Wonder if it’s related.

    Dear Sir or Madam,
    > 
    > the Simple Service Discovery Protocol (SSDP) is a network protocol
    > for advertisement and discovery of network services and presence
    > information. SSDP is the basis of the discovery protocol of
    > Universal Plug and Play (UPnP).
    > 
    > Over the past months, systems responding to SSDP requests from
    > anywhere on the Internet have been increasingly abused for DDoS
    > reflection attacks against third parties.
    > 
    > Please find below a list of affected systems hosted on your network.
    > The timestamp (timezone UTC) indicates when the openly accessible
    > SSDP server was identified.
    > 
    > We would like to ask you to check this issue and take appropriate
    > steps to secure the SSDP services on the affected systems or
    > notify your customers accordingly.
    > 
    > If you have recently solved the issue but received this notification
    > again, please note the timestamp included below. You should not
    > receive any further notifications with timestamps after the issue
    > has been solved.
    > 
    > Additional information on this notification, advice on how to fix
    > reported issues and answers to frequently asked questions:
    > <https://reports.cert-bund.de/en/>
    > 
    > This message is digitally signed using PGP.
    > Information on the signature key is available at:
    > <https://reports.cert-bund.de/en/digital-signature>
    > 
    > Please note:
    > This is an automatically generated message. Replies to the
    > sender address <[email protected]> will NOT be read
    > but silently be discarded. In case of questions, please contact
    > <[email protected]> and keep the ticket number [CB-Report#...]
    > of this message in the subject line.
    > 
    > Affected systems on your network:
    > 
    > Format: ASN | IP | Timestamp (UTC) | Port | Ssdp server
    >  24940 | xx.X.X.xx | 2022-08-23 10:15:14 | 32414 | db6621d8a203407bb2aad94d982b0c99.plex.direct
    > 
    > Mit freundlichen Grüßen / Kind regards
    > Team CERT-Bund
    

    Team push-ups!

  • ialexpwialexpw OGServices Provider

    @Astro said:
    Just got an email from hetzner too about an abuse. Wonder if it’s related.

    Dear Sir or Madam,
    > 
    > the Simple Service Discovery Protocol (SSDP) is a network protocol
    > for advertisement and discovery of network services and presence
    > information. SSDP is the basis of the discovery protocol of
    > Universal Plug and Play (UPnP).
    > 
    > Over the past months, systems responding to SSDP requests from
    > anywhere on the Internet have been increasingly abused for DDoS
    > reflection attacks against third parties.
    > 
    > Please find below a list of affected systems hosted on your network.
    > The timestamp (timezone UTC) indicates when the openly accessible
    > SSDP server was identified.
    > 
    > We would like to ask you to check this issue and take appropriate
    > steps to secure the SSDP services on the affected systems or
    > notify your customers accordingly.
    > 
    > If you have recently solved the issue but received this notification
    > again, please note the timestamp included below. You should not
    > receive any further notifications with timestamps after the issue
    > has been solved.
    > 
    > Additional information on this notification, advice on how to fix
    > reported issues and answers to frequently asked questions:
    > <https://reports.cert-bund.de/en/>
    > 
    > This message is digitally signed using PGP.
    > Information on the signature key is available at:
    > <https://reports.cert-bund.de/en/digital-signature>
    > 
    > Please note:
    > This is an automatically generated message. Replies to the
    > sender address <[email protected]> will NOT be read
    > but silently be discarded. In case of questions, please contact
    > <[email protected]> and keep the ticket number [CB-Report#...]
    > of this message in the subject line.
    > 
    > Affected systems on your network:
    > 
    > Format: ASN | IP | Timestamp (UTC) | Port | Ssdp server
    >  24940 | xx.X.X.xx | 2022-08-23 10:15:14 | 32414 | db6621d8a203407bb2aad94d982b0c99.plex.direct
    > 
    > Mit freundlichen Grüßen / Kind regards
    > Team CERT-Bund
    

    I've been getting these for quite a while when I install Plex onto a Hetzner server, it shouldn't be related to the OP.

  • @ialexpw said:

    @Astro said:
    Just got an email from hetzner too about an abuse. Wonder if it’s related.

    Dear Sir or Madam,
    > 
    > the Simple Service Discovery Protocol (SSDP) is a network protocol
    > for advertisement and discovery of network services and presence
    > information. SSDP is the basis of the discovery protocol of
    > Universal Plug and Play (UPnP).
    > 
    > Over the past months, systems responding to SSDP requests from
    > anywhere on the Internet have been increasingly abused for DDoS
    > reflection attacks against third parties.
    > 
    > Please find below a list of affected systems hosted on your network.
    > The timestamp (timezone UTC) indicates when the openly accessible
    > SSDP server was identified.
    > 
    > We would like to ask you to check this issue and take appropriate
    > steps to secure the SSDP services on the affected systems or
    > notify your customers accordingly.
    > 
    > If you have recently solved the issue but received this notification
    > again, please note the timestamp included below. You should not
    > receive any further notifications with timestamps after the issue
    > has been solved.
    > 
    > Additional information on this notification, advice on how to fix
    > reported issues and answers to frequently asked questions:
    > <https://reports.cert-bund.de/en/>
    > 
    > This message is digitally signed using PGP.
    > Information on the signature key is available at:
    > <https://reports.cert-bund.de/en/digital-signature>
    > 
    > Please note:
    > This is an automatically generated message. Replies to the
    > sender address <[email protected]> will NOT be read
    > but silently be discarded. In case of questions, please contact
    > <[email protected]> and keep the ticket number [CB-Report#...]
    > of this message in the subject line.
    > 
    > Affected systems on your network:
    > 
    > Format: ASN | IP | Timestamp (UTC) | Port | Ssdp server
    >  24940 | xx.X.X.xx | 2022-08-23 10:15:14 | 32414 | db6621d8a203407bb2aad94d982b0c99.plex.direct
    > 
    > Mit freundlichen Grüßen / Kind regards
    > Team CERT-Bund
    

    I've been getting these for quite a while when I install Plex onto a Hetzner server, it shouldn't be related to the OP.

    It's not related. Should stop receiving them if you disable DLNA/GDM on your Plex server.

    Thanked by (1)hornet
  • Interesting. I didn't get this email yet. Let's see if it appears.

  • @Nekki said: Host what stuff?

    Maybe hosting isn't the right word, but having an account with the company and giving them access to your linux collection. This type of thing should be 100% private.

  • @willie said:

    @Nekki said: Host what stuff?

    Maybe hosting isn't the right word, but having an account with the company and giving them access to your linux collection. This type of thing should be 100% private.

    They don’t have access to your collection. If you don’t want the authentication layer, you don’t need to use it, you don’t even need a Plex account if you don’t want one.

  • williewillie OG
    edited August 2022

    Oh that's interesting, I didn't realize that. That makes it more attractive, though I'll stick with FOSS stuff since I'm a die-hard about that. Thanks.

  • @willie said:
    Oh that's interesting, I didn't realize that. That makes it more attractive, though I'll stick with FOSS stuff since I'm a die-hard about that. Thanks.

    What FOSS stuff are you using? I’d prefer to run my non-shared media on something that isn’t Plex.

  • MasonMason AdministratorOG

    @Nekki said:

    @willie said:
    Oh that's interesting, I didn't realize that. That makes it more attractive, though I'll stick with FOSS stuff since I'm a die-hard about that. Thanks.

    What FOSS stuff are you using? I’d prefer to run my non-shared media on something that isn’t Plex.

    I think the biggest FOSS, Plex-alternative right now is Jellyfin (website, github), which is a fork of Emby. Lots of similarities, but also lots of gaps. It has come a long way, but still has a long way to go to match what Plex can do -- particularly with metadata wrangling, library sharing, and apps to support various devices.

    Thanked by (1)Wolveix

    Head Janitor @ LES • AboutRulesSupport

  • @Mason said:

    @Nekki said:

    @willie said:
    Oh that's interesting, I didn't realize that. That makes it more attractive, though I'll stick with FOSS stuff since I'm a die-hard about that. Thanks.

    What FOSS stuff are you using? I’d prefer to run my non-shared media on something that isn’t Plex.

    I think the biggest FOSS, Plex-alternative right now is Jellyfin (website, github), which is a fork of Emby. Lots of similarities, but also lots of gaps. It has come a long way, but still has a long way to go to match what Plex can do -- particularly with metadata wrangling, library sharing, and apps to support various devices.

    I’ve tried Jellyfin myself and found it severely lacking, so I’m interested to hear opinions on alternatives.

  • @Nekki said:

    @Mason said:

    @Nekki said:

    @willie said:
    Oh that's interesting, I didn't realize that. That makes it more attractive, though I'll stick with FOSS stuff since I'm a die-hard about that. Thanks.

    What FOSS stuff are you using? I’d prefer to run my non-shared media on something that isn’t Plex.

    I think the biggest FOSS, Plex-alternative right now is Jellyfin (website, github), which is a fork of Emby. Lots of similarities, but also lots of gaps. It has come a long way, but still has a long way to go to match what Plex can do -- particularly with metadata wrangling, library sharing, and apps to support various devices.

    I’ve tried Jellyfin myself and found it severely lacking, so I’m interested to hear opinions on alternatives.

    I have both Plex and Jellyfin running on different servers with the exact same library. Jellyfin doesn't list a lot of media (movies especially) properly while Plex has no issues scanning. I'm very confident Jellyfin devs fix issues and make it more promising in the future.

  • Aye, it was a pain to re-learn how to re-claim the servers.

    Thank you for the tip about "Should stop receiving them if you disable DLNA/GDM on your Plex server"

Sign In or Register to comment.