Security, as someone got access to all of my user accounts

[jscheeren 16]

Have no idea how this could have happened, but two parties with UK IP addresses started accessing my Emby library in Canada and playing content. As soon as I marked that user (in user settings) as not having remote access, they just changed to a different user. I had given all users the same password. This happened repeatedly, so I then cut off all users in that same way. But need to find a way to get them back online.

Would anybody have any idea how this could have happened?

I did a search and tried different ways of changing the password for me as the only administrator and did this by just going to my User settings via a browser on the server PC, but ran into a few problems afterwards as a) the Chrome browser on that PC by default, stopped working only when accessing the Emby server on the same PC by right clicking on Emby server icon in task tray - but the Edge browser still worked.... and b) I was getting access from other PC's via Emby Web but still using the old password!

Any suggestions about best solution?

Thanks so much if you can assist.

Edited August 25, 2022 by jscheeren

[ebr 14898]

10 minutes ago, jscheeren said:

Would anybody have any idea how this could have happened?

Hi.  I imagine this was a major point of potential risk:

10 minutes ago, jscheeren said:

I had given all users the same password

One of your users must have shared that password which then opened up access to all your users. 

I would suggest strong, unique passwords and remote access only via https.

[jscheeren 16]

Thanks EBR, but I am still a bit confused about passwords and how to change them all. I have changed the admin password by using "Admin Password Reset
Modified on Fri, 22 Apr 2022 at 11:38 AM" post but am not sure that changing each individual user passwords on server setup will affect all of their connections from apps and browsers as they don't normally have to enter those passwords each time they want to play media.

Thanks, Jan.

[Luke 36992]

13 minutes ago, jscheeren said:

Thanks EBR, but I am still a bit confused about passwords and how to change them all. I have changed the admin password by using "Admin Password Reset
Modified on Fri, 22 Apr 2022 at 11:38 AM" post but am not sure that changing each individual user passwords on server setup will affect all of their connections from apps and browsers as they don't normally have to enter those passwords each time they want to play media.

Thanks, Jan.

That means they either had no password before, or they entered it once and the apps remembered them. Does this help?

[ebr 14898]

Hi.  If you change their passwords, they should be forced to re-authenticate but, just to be sure, you can go to the Devices tab and delete the devices from there and that should force re-authentication as well I believe.

[jscheeren 16]

Thanks Luke,

They did have passwords, so if I change their passwords on the server settings for Users then their apps will prompt them for new password, but will Emby Web, or Emby Connect prompt them for that new password? What then will be the status of their actual account passwords at Emby and on the forum?

Thanks EBR,

There are a large amount of devices in that Tab are you suggesting I delete all as I can't know which devices belong to which users?

 

[Luke 36992]

Changing passwords will be enough.

[jscheeren 16]

Thanks yet again Luke,

So, just to be clear, changing their passwords on one server, will change their passwords to access that server and require re-authentication. But as I have 3 Emby servers in different locations (but only one affected by unauthorized access as per this topic), I will change them also to new password. But out of interest, what if I changed them to different passwords at each server - what then then will be the status of their actual account passwords at Emby, Emby Web, Emby Connect and on the forum?

[ebr 14898]

19 hours ago, jscheeren said:

what then then will be the status of their actual account passwords at Emby, Emby Web, Emby Connect and on the forum?

Hi.  The password on your local users is completely separate from any Emby Connect accounts that your users may have.  Changing the passwords on the local users will have no effect on the Emby Connect passwords.

[jscheeren 16]

Thanks EBR, I sort of assumed that and also assume that the forum passwords might match the emby.media accounts. Confusing part is that the Emby Connect passwords were created whilst setting up the local user accounts. So, how does one change the Emby Connect passwords.

[ebr 14898]

6 minutes ago, jscheeren said:

the forum passwords might match the emby.media accounts

That's correct.  Your forum account is your Connect account.

7 minutes ago, jscheeren said:

So, how does one change the Emby Connect passwords.

Each user would need to do this in their forum account.