I have a unique email address used only for Plex. I have just received a load of spam sent to that email address. This leads me to conclude that either you have been hacked or you have sold my email address. Can you please investigate and respond as a matter of urgency.
I would have preferred to communicate this privately in the first instance, but your contact form does not allow anyone to access technical support so I have no choice.
Our old forum software was compromised in July of 2015. We had all passwords of folks who used forum forced to be reset. We sent out emails to all folks who ever used our forum software and were affected at time. Your forum account as existed since 2013 and were sent the email at the time. Our public blog was updated the day after it happened with details. If you do not still have that email the blog post here https://www.plex.tv/blog/security-notice-forum-user-password-resets/
And I changed my password on 2nd July 2015 at 14:31 GMT, according to my system. And I have just changed my email address
I find it extremely hard to believe that hackers would have sat on an email address for nearly two years before attempting to use it.
Believe it or not: there are specialised websites collecting and offering data hives for download which were looted during such hacking campaigns.
All of the data from the old Plex forum was available on such a website already for years, unfortunately. And it is really pointless to ask them to take it down. They tell you something about “informational freedom” and set up just another 5 mirror servers.
It happens, using old email lists, quite often
See: http://www.google.com/search?q=plex+vpn+spam&oq=plex+vpn+spam
I can understand OP. How about suing these website operators on behalf of all affected Plex users? Like a class-action lawsuit? I hope your customer’s security and privacy is of enough importance to Plex Inc. That’s how you build trust in your brand and company.
You know, instead of just shrugging and saying “these things happen”.
Sorry to be a pain in the a**, but this makes me and others who are affected angry, and Plex should own their responsibility and do something about it or risk losing customers and brand trust.
How about three months free Plex Pass for OP? Personally I’d much rather prefer you actually address the problem though.
@“The Boojum” said:
And I changed my password on 2nd July 2015 at 14:31 GMT, according to my system. And I have just changed my email addressI find it extremely hard to believe that hackers would have sat on an email address for nearly two years before attempting to use it.
After the Yahoo hack I missed one system that used my email and, over 1.5 years later, there was some related fraud with the system that used that account’s email. That fraud got reversed but the fact is that the hackers did not use the info the obtained for a LONG time, in fact and extremely long time in cyber time.
I do not think that they “sat” on the info but rather it took time for them to progress through the plethora of data they had. That “could” be the case in the situation here.
BTW: Once they have the email they do not need any password to spam the address so changing the password only prevents account access not future spam.
