Hello all,
Was just wondering if someone could point me in the right direction with a few moments of their time.
My Plex account details were compromised (password changed etc already) recently. Now even after changing the password, it appears that iOS/Android devices are still able to access my content and stream.
I’ve used the “sign all devices out” function when changing my password a few times with no avail. The web portal can no longer be accessed, but non computer devices are able to continue connecting regardless of changing of email username/password.
I’ve also deleted all the devices/users from my Plex.tv settings and invalidated the sessions.
Any help would be much appreciated. Perhaps I’m missing something?
Sincerely,
Go to: https://plex.tv/users/password/new to begin recovery of your account and set a new password
Go to: https://plex.tv/users/edit to edit your account after you’ve regained control through your email address on file.
There you will see your account and you can recover from there.
In the future, you may wish to require your email address and not your account name as there is a security issue going on around you.
Hi ChuckPa,
Thanks for the response - I’ve actually already got control of my Plex account back and changed the email/password etc… Unfortunately all the iOS/Android devices are still connected and can stream content!
I’ve invalided all sessions and devices but they can still connect (including my own iPhone and iPad) - which was never prompted for a new password.
Sincerely,
do you mind disabling remote access for a short period?
I will forward this to a Plex Employee to help with.
Also, did you go into ‘shares’ for your library and disable the users listed?
Working with an employee,
ALL your account tokens have been reset.
All devices must log in with the updated password, INCLUDING the server,.
This means your server must log out and log back in to your account (using EMAIL address) with the new password you just assigned.
All devices must use the new password you assigned as well.
That seems to have done it - thank you.
I’m guessing there’s no way for a user to invalidate tokens?
Sincerely,
Yes, you may invalidate all the tokens when you change the password.
It’s the little check box under the new password
SIGN OUT CONNECTED DEVICES WHEN SETTING YOUR NEW PASSWORD.
Hi ChuckPa,
I did that earlier a few times but it didn’t work.
Maybe it’s a bug or error on my end.
Seems to have handled it now so we can close this request.
Much appreciated.
Sincerely,
Hi Team,
Sorry to rez a somewhat old thread, but this issue has replicated itself once again.
A number of iOS devices which were at one point logged in are still able to access my server (similar issue to above).
This remains the case after a full password reset, kicked all devices off and deleted all devices from users.
Any ideas?
Sincerely,
