I received the security incident email on the 9th, but just received a 2nd one a few minutes ago.
Has there been a 2nd breach or has Plex just messed up their mailing on the topic?
Also confused by this.
Here’s a diff of the most crucial parts of the email (original on left, new on right):
The first message seems like it is geared towards password users, and the second to SSO users?
Yes. The messages are different based on sign-in method. They were also sent over several days. I don’t know the details, but I’ve a couple of test accounts that received the password reset e-mail a day or two after my main account.
I traded messages with a Plex employee regarding the notification e-mails.
The e-mails regarding the security incident (announcement) are still going out.
The messages for accounts using a password vs SSO login are worded differently, as different action is required based on the login method.
If you’ve multiple Plex accounts, then you will receive multiple e-mails.
Check the TO: address in the e-mail to see which account received which e-mail.
Each e-mail address should receive only one notice, but it isn’t 100% impossible that a second might be received.
Gotcha, thanks both. The thing is:
What else am I supposed to do?
^^^this
I only have 1 Plex account though - both emails went to the same email address.
Have you inspected the email headers of both mails to find out which email address they were sent to originally? i.e. before they got automatically forwarded by some "collection" mechanism which reroutes email arriving at no-longer-used addresses, etc.
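The header check suggested above, worked through in code. This is an added example and not something posted in the thread or provided by Plex: it walks the Delivered-To chain of a raw message to find the address the notice was first delivered to (each receiving mail server prepends its own Delivered-To, so the bottom-most one is the original delivery), and, as a bonus for anyone asking whether a message from hello@mail.plex.tv is genuine, reads the SPF/DKIM/DMARC verdicts from the Authentication-Results header. The sample message, the example.com/example.org mailboxes and the authserv-id "mx.example.org" are all constructed placeholders; only the sender domain comes from the thread. Only the Authentication-Results header stamped by your own provider's authserv-id should be trusted, since anything upstream (a forwarder or a spoofer) can insert its own.

```python
import re
from email import policy
from email.parser import BytesParser

# Constructed sample message, not a real Plex notice. It models a notice sent
# to an old address that a mailbox rule then forwarded to the current one.
# Each MTA prepends its own Delivered-To, so the topmost entry is the latest
# hop and the bottom-most is where the message was originally delivered.
SAMPLE_RAW = b"""\
Delivered-To: me@example.com
Received: from mx.example.org by mx.example.com; Thu, 11 Sep 2025 10:02:11 +0000
Delivered-To: old-address@example.org
Received: from mail.plex.tv by mx.example.org; Thu, 11 Sep 2025 10:02:09 +0000
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mail.plex.tv;
 dkim=pass header.d=mail.plex.tv;
 dmarc=pass header.from=mail.plex.tv
From: Plex <hello@mail.plex.tv>
To: old-address@example.org
Subject: Security incident
Content-Type: text/plain; charset=utf-8

(notice body)
"""


def parse_message(raw: bytes):
    """Parse a raw RFC 5322 message with the modern (structured-header) policy."""
    return BytesParser(policy=policy.default).parsebytes(raw)


def delivery_chain(msg):
    """Delivered-To addresses in header order: newest hop first."""
    return [str(h).strip() for h in msg.get_all("Delivered-To", [])]


def original_recipient(msg):
    """Address the message was first delivered to, before any forwarding.

    Falls back to the To: header when no Delivered-To was recorded."""
    chain = delivery_chain(msg)
    if chain:
        return chain[-1]
    to_header = msg["To"]
    return to_header.addresses[0].addr_spec if to_header and to_header.addresses else None


def was_forwarded(msg):
    """True when the message passed through more than one distinct mailbox."""
    return len(set(delivery_chain(msg))) > 1


def trusted_auth_results_text(msg, authserv_id):
    """Body of the Authentication-Results header stamped by OUR provider.

    The header's first token is the authserv-id of the server that did the
    checks; headers with any other id may have been injected upstream."""
    for h in msg.get_all("Authentication-Results", []):
        head, _, rest = str(h).partition(";")
        if head.strip() == authserv_id:
            return rest
    return ""


def auth_results(msg, authserv_id):
    """Map of {'spf'|'dkim'|'dmarc': verdict} from the trusted header only."""
    text = trusted_auth_results_text(msg, authserv_id)
    return dict(re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", text))


def dkim_signing_domain(msg, authserv_id):
    """Domain (header.d=) whose DKIM key signed the message, if any."""
    m = re.search(r"header\.d=([\w.-]+)", trusted_auth_results_text(msg, authserv_id))
    return m.group(1) if m else None


def from_domain(msg):
    """Domain of the first From: address."""
    addrs = msg["From"].addresses if msg["From"] else ()
    return addrs[0].domain if addrs else None


def sender_looks_authentic(msg, authserv_id, expected_domain="mail.plex.tv"):
    """DKIM and DMARC passed at our provider AND the signing domain matches
    the visible From: domain, which is what ties the signature to the sender
    the user actually sees."""
    results = auth_results(msg, authserv_id)
    return (
        from_domain(msg) == expected_domain
        and results.get("dkim") == "pass"
        and results.get("dmarc") == "pass"
        and dkim_signing_domain(msg, authserv_id) == expected_domain
    )


if __name__ == "__main__":
    m = parse_message(SAMPLE_RAW)
    print("delivery chain (newest first):", delivery_chain(m))
    print("originally delivered to:", original_recipient(m))
    print("forwarded:", was_forwarded(m))
    print("auth results at mx.example.org:", auth_results(m, "mx.example.org"))
    print("sender looks authentic:", sender_looks_authentic(m, "mx.example.org"))
```

To apply this to a real notice, save the message as raw source ("Show original" or equivalent in the mail client), read the file as bytes into `parse_message`, and pass the authserv-id your own provider writes at the start of its Authentication-Results header. If both of the notices resolve to the same original recipient and were not forwarded, the duplicate did not come from a second forwarded mailbox.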
I just did and they are the same.
Do the two mails have the same text or do they differ?
Hi, I got an email from hello@mail.plex.tv regarding a security incident. Is that a legit email, and what should I do?
Basically this:
The precise method to achieve 3) can differ, depending on the platform the Plex server is running on.
The second one is what should only go out to users who use their Apple or Google account to sign in to Plex.
Have you ever used one of these? (Facebook used to be another service, but is no longer available for authentication in Plex)
If you used the same email address for these services, it may be a possible explanation.
https://support.plex.tv/articles/use-federated-authentication-to-sign-in/
If you did not link your account on these websites to your plex account, but you have ever used the buttons “Continue with Google” or “Continue with Apple” (instead of “Continue with Email”) while logging in to plex, you might have inadvertently created a second plex account.
Even if you have never used it actively, it might still be in existence. And was thus contacted now by Plex.
Hi Otto,
Thanks for your persistence with this
I have never used an Apple or Gmail account with Plex.
I have never knowingly used "Continue with…". I have just checked and I do not have any "Sign in with…" accounts (and, given I haven't deleted any, it's a fair assumption that I haven't created any).
There should be explicit information in the email stating the exact timing of the breach. Failing to include that sort of information is an excellent indicator that Plex does not know how to properly handle security breaches and ACTUALLY ensure their users are well protected.
I received the first email, followed all of the steps including logging everything out everywhere. Everything was back up and running for me in about ten minutes. Then, a week later, I get another email that is slightly different but ultimately urges much of the same activity.
The fact that Plex is not including specific details about when the security incident occurred is extremely poor handling of this sort of situation. Every other provider out there includes the timing of when a security breach occurred in ALL communications that are in relation to it.
The generic approach to handling this situation has led to a LOT of confusion among the community and makes Plex look that much worse as a company.
I’m wondering why it took so long to receive an email regarding this?
I won’t lie, I was a little peeved when I read about the breach in my Google News feed before I heard anything officially from Plex - only way I could confirm what I was reading was seeing the forum post about it… I then received 2 emails about it several days later.
Because there were a lot of users to be notified at once.
A special emailing service (i.e. different from the one used to send regular notifications) had to be used in order not to get blocked as a spammer.
It was estimated that the whole process took/takes about a week to complete.
While this is understandable, still didn’t feel very good reading about it first on Google.
I think this is where server messaging would be a nice feature to have, which is a much sought-after feature request. Rather than blasting emails to users over the span of a week, simply having a marquee show up at the top of the app or web UI would have been very effective.