Plex well and truly hacked

[badaas 139]

Just in case like me you dont visit much but have a password there.

 

http://cordcuttersnews.com/plex-tv-forums-have-been-hacked/

[ebr 14910]

Yikes.

[Abobader 2942]

Yes, they send emails for their users about it.

[drakus72 17]

WOW. I don't use plex, but I hope all that use it and have accounts are good.

[saitoh183 137]

yeah it sucks ass...changed my password as soon as i got the email

[jasonmcroy 315]

Yes, I received an email from them today about that. I remember trying to go onto their forums last night and kept getting a time out error. I just changed my password today for the Forum. Per the email I got there is no saved CC data or anything on those servers.

 

-Jason

Edited July 2, 2015 by jasonmcroy

[im85288 1493]

Yeah wasn't sure if it was a scam email...always cautious of clicking links in emails.

[denethor 90]

People who lazy enough to use same password with associated email provider on their forum user should also have to change their email provider password.

Like myself

[ebr 14910]

People who lazy enough to use same password with associated email provider on their forum user should also have to change their email provider password.

Like myself

 

I doubt there is any way the hacker could have gained access to your actual password.  It is never actually stored anywhere.

[jjspierx 11]

The email stated they got everybody's encrypted passwords, so what they got is salted and hashed passwords.  For really simple passwords, they might be able to brute force the salted and hashed passwords, but that is a lot of work and processor power.  Good idea to change passwords anyway, but unlikely that most people's passwords will be compromised.

[Deathsquirrel 741]

I'm not a user of Emby Connect but, in light of this, I'm curious if a similar forum compromise here would be cause for concern for those that do use that function.

[denethor 90]

By the way that's why we should not have "enable delete local media" option in Web UI. This capability should be managed by local xml files on server.

Or at least it should be op-out. I simply don't want to see that option. I could happily set this kind of property in my server:

<disabledeletefiles>true</disabledeletefiles>

For those who wants their client apps delete local media can simple would not add above config. Edited July 2, 2015 by denethor

[CBers 6768]

I couldn't get on the Plex forums earlier to change my password.

 

Still timing out now as well.

[swhitmore 781]

In light of this, are our passwords encrypted here?

[Angelblue05 4130]

Always encrypted, yes. I would be shocked to hear otherwise

 

 

Sent from my iPhone using Tapatalk

[ebr 14910]

In light of this, are our passwords encrypted here?

 

Of course.  It would be very difficult for someone to obtain anyone's real password.  This is why you can't even discover it if you forget it.  You have to change it instead.

[badaas 139]

Quite ironic considering it took them nearly 3 years to fix certain ''holes'', then finally gave out certs to everyone last month

I know they're blaming it on the PHP board software and it is nothing to do with ''their'' software/servers.

[Abobader 2942]

Good day,

 

Attacking is attacking, you can not do anything about it for wan services, you can do your best to close the holes here or there, patches the software you use.

 

But they will always be away "someone" found something, you have to live with these factors.

 

Nothing new/old in this matters. Indeed nothing to put down Plex admin's about, it just happens.

 

My best