In my case like some of these users I found a user called "computerguyiptv" on my system (showing as a cloud user).
Having just spent the better part of a couple of hours digging in to this I am pretty happy to say that while you guys are clearly working on the security, it sounds like long standing defaults are making a right mess of this. In my case I did not have an admin password set and remote access was turned on. As far as I can tell those two were both defaults when I installed Emby as a package on my Synology NAS a couple of years ago.
I actually wasn't aware Emby was using uPnP to add a port forward and it turns out my router kindly does not show uPnP added entries alongside user added ones, so from my point of view there was no remote acces, hence my lack of caring about an admin password.
It sounds like you guys have changed some defaults now and also changed it to not allow remote access without a password. That sounds great, but can I check that these are retrospective changes applying to running systems, not just newly installed ones? My guess is not as I was up to date and I still got caught.
Having since pulled my activity log from the database I actually feel a little sick going through finding events that were not me. I can see remote users accessing my content and have been for the last month. People even connecting their smart TV's to it.
This has left me feeling really uneasy about my emby install, which at this point I am considering deleting to be certain they have not placed a malicious file in the system for a later date. That said I am not seeing a sane/easy way to backup current settings, so that may be slightly more annoying.
What scares me the most about all of this is I work in the IT industry, I am a developer by trade and I had not noticed this nor prevented it. That tells me your average user is really going to struggle with this. I had not gone hunting through all the advanced settings looking for defaults like remote access.
Feeling really unimpressed, especially since I pay for the premium service.
Would appreciate your thoughts and some reassurance that this is being taken seriously as an issue.