Last night somebody hacked into my Plex account and made a payment through PayPal for a lifetime subscription.
I received an email from Plex letting me know the account details had changed and so I immediately changed them back using the recovery code, changed passwords etc. and opened a case with PayPal to try and claw back the money. Not that a lifetime subscription would be a bad thing, just that I’d rather be the person authorising it than some spotty little hacker!
The email address used in the hack was [deleted by mod]
I think Plex should add some form of additional security to their payments system since many of us have linked PayPal accounts. 2FA perhaps, but at the very least, when an account has just had its email address changed and is logged in from an unknown IP address, it shouldn’t be allowing large payments to go through unquestioned. Here’s hoping I can get that money back…