Action required: Important notice of a potential data breach

Thank you so much. After six hours of basically trying everything, including relearning the art of speaking ssh to a mysterious Western Digital black box (okay, the PR2100), this WORKED. I have my Plex Media Server back, and can now start the process of transitioning to Emby.

Kudos.
I now see a banner on the forum.

1 Like

How about hopping into the thread and giving a reassuring comment to waylay frustrations of the people stating… I got one too and I can’t change my PW?

You should check what I already wrote way above

Well yes, and with those tokens the Plex server could be accessed if those were stolen, right (regardless of the login method used)?
The use of a stolen token undermines the whole authentication.

If you can’t delete your account and you are in Europe, that would break GDPR (privacy laws in Europe) and you can file a complaint. And BTW, I do not see the option to download all the data they have from me; I think that would be required by GDPR as well.

1 Like

That’s why we’re recommending everyone sign out all devices, but you don’t have a password to change.

Remember you have 72 hours to send that email to people living in Europe, from the moment the problem was detected. Otherwise you will be breaking the GDPR laws.

Thanks for your message.

1 Like

Now we are talking. So indeed you would recommend EVERY user to log out from all devices, even if they use SSO. THAT’S my point.
But above you said those users were not affected and there was nothing to do.

How do you log off from every device BTW when using SSO?

1 Like

I just received a second copy of the original “action required” email, 28h after the first. Wondering whether I’m supposed to reset my password and log out all devices again, or…

You can remove authorised devices from https://app.plex.tv/desktop/#!/settings/devices

Our investigation is ongoing, so things may change or be revised as things progress.

Did I reply to your ‘post way above’… or to your flippant “They are working and not causing an argument for arguments sake on the internet”??? Also, does your post above negate said flippant comment?

Ok, so manually removing the devices would result in the same behavior as “sign out from devices” when renewing the password?

Was unsure, because I ticked the checkbox but ALL Devices are still listed under the above link.

When I changed my password and selected the sign out all devices it did indeed force everything to log in again. However, the old devices still remained under the device list. I went and manually deleted everything just to be 100% sure.

When Plex gets out from under this situation, as part of their postmortem they might want to consider auto-removing all devices for an account when the sign out option is selected.

1 Like

Man, I’ve been waiting for more than 24 hours to get an email to be able to reset my password. What the heck?

Why not simply reset it from within the account settings or the login-screen (forgot password)?

I don’t know if anyone on this thread has an Nvidia Shield TV, but following Plex’s password reset instructions has rendered my PMS useless. Thanks for that, Plex. I have lost connectivity and I am unable to reclaim my PMS. My only option has been to reset everything and set up a new server. Really irritating. This is the second time I’ve had to do this in the last few months - last time was when Android got upgraded. Crap support for that, crap support for this. Really poor user experience……

I had no issue as well. However, I did read the forum first about claiming the server and if it wasn’t for that, I would have been lost.

When you signed out other devices, you also signed out your plex server. Pull it up on the computer it is running on and you can “claim” the server again.

With the hashed password using bcrypt w/ salt & pepper, I find it near impossible for a 3rd party to be able to do anything with the hashed password. What’s the real scare here?

1 Like

It has already been mentioned, quite a few times. Abundance of caution (plus they are still investigating).

I also prefer not having an email address tossed out in the wild, even a throwaway one. What account details were also up for grabs?