I received an email yesterday from Breach Alarm and Plex is the only site on the list that I am a member of.
Changing my password now. I recommend others do the same!
Interesting. @elan any comment?
I ‘think’ that is old news resurrected from the dead (the last breech)…
I could be wrong, but what’s the worst that can happen? Someone’s watching my material? Not for long 'cause at 6Mbps the buffering is going to make their head explode… maybe we should encourage that behavior and do the world a favor…
R-VH Rated (Violence and Humor)
Hopefully its a false alarm but Breach Alarm are usually correct. I have seen instances where people have received emails from BA, posted about it on the relevant forums (Like I have) and the devs have come back a few hours later and said “oh bugger it seems we DID get hacked”.
Also, it is always important to change your passwords regardless, as there are a lot of people who use the same username/password combination on multiple sites. I am guilty of this myself but only on sites I don’t care about. Its a bad habit I am trying to break! Wouldn’t it be nice though if they hacked us and paid our premium service instead of streaming our video :))
Would be nice to get some more information on the scope of this compromise. Hopefully they haven’t popped a shell or anything on the server x.x
Apologies for the link to a Plex Pass-only forum
Below the post I linked to in copy:
posted by @“Chris C”
To be very clear:
- There is not a new compromise.
- Recent alerts/notifications/postings/whatever on various sites (haveibeenpwned, BreachAlarm, etc.) are about the forum server compromise from 2015-07-01.
- The actual data/database recently got posted to a new site, which triggered the new notices/publicity.
- Right after it originally happened (2015-07-02), we changed the passwords of all affected accounts and sent those accounts an email explaining how to reset their password.
- More details can be found in our blog post about the incident: Security Notice: Forum User Password Resets
So, it’s not new news. That said, it’s always better to be safe when it comes to your online security. You’re welcome to change your account password again if you like (hopefully, you used a different password back when it was originally changed!) - as always, we encourage users to both use strong passwords and to never re-use passwords between different sites.
Thanks for clearing this up OttoKerner. I am glad it was just old news as some suspected.
But as you said… its better to be safe than sorry! I use 12-24 char random generated passwords with numbers/lower/upper/symbols/special-char etc now. One for every site.
I got burnt a while back because of a “Talk-Talk” email breach here in the UK and a few gaming accounts got brute forced and stolen…
Normal passwords are no longer safe in today’s world… but strong passwords are impossible to remember! Its SHOCKING how many big sites today still don’t have the 3 try lock out feature though. Even a 5 minute lockout would make a brute force attack a waste of time. Some sites don’t even allow more than 8-10 characters in a password… or use of symbols etc. Its ridiculous for this day and age.
Thankfully two-factor authentication is getting more common though.
Anyway I won’t ramble any more. 
Cheers!
