Data breach and forced password update?

Hello,

I was reading through the announcements looking for info about bug fixes since the current stable PMS is crashing on macOS. I ran across the info on the data breach that happened back in August.

I noted that the post mentioned that Plex users would have their passwords reset, essentially forcing a password change (makes sense under the circumstances). Was this just for the limited subset of users whose data may have been accessed? Or should that have been for everyone? The reason I ask is, I never had a password reset and honestly can’t remember if I heard much about the breach. I haven’t changed the password since August and I’m wondering what ramifications that might have had.

I’m also asking because if the Plex Team thought they had reset all the passwords, mine wasn’t, and that might be something that they weren’t aware of. This honestly isn’t a complaint post; I’m trying to understand what was meant to happen and to help by letting the Team know that, at least in my case, no password was reset. I’m wondering if others might be in the same position and not know there was even an issue that took place.

Any info would be super helpful. Thanks so much!

Your account is indeed marked as “Password change required”

The reason you do not see it forced is that you are using Google Auth

Do go here to change your password:
https://app.plex.tv/desktop/#!/settings/account

Also note that you might have to reclaim your servers

@dane22, thanks so much for taking the time to respond and for checking my account.

This is very strange because I never sign in using Google Auth - but only via email/password. I never remember using GAuth. If it’s showing GA, can I get rid of that somehow? I do not want to use their sign in…super confused. (EDIT: found out how to remove GA via the link you sent above. Thanks for that!)

Given that something in your system is showing our account using GAuth, does this mean that the breach may have compromised my Google password, regardless of the fact I’m not actually using GA?

Lastly, since a person can obviously use sign-ins from email/password, GAuth, Sign-In with Apple, or FB, why didn’t the system at least reset the underlying email/password method? Was this a choice or a glitch in what was intended to happen?

Thanks for being so transparent and helping us secure things again. I really appreciate that.

Nope, never ever affected…

And since Google Auth was enabled on your account, I simply assumed you used that :wink:

Go here: https://app.plex.tv/desktop/#!/settings/account

Then look here:

And while I was replying, you edited your post and added stuff :wink:

Our main strategy was to send out an email to our user database, to inform them what happened, as well as the steps they needed to take.

Sadly, we were hit by something we didn’t think about, and that was that an email blast this big would trigger a lot of mail hosting companies, Google included, to either defer our email or simply drop it, since it was considered spam :frowning:

So that’s where you ended up as a stranded user, and so sorry for that, SNIFF

Also please see this post: Important notice of a potential data breach 24th of August 2022
