Hi Devs,
Just wondered if there’s any more info to a recent post I saw on reddit in reference to the previous forum hack?
I have not received any spam email as yet but would be good to know if you guys are aware of anything.
Kind Regards
Tylor
Old hack. Not new.
Here’s the information I have as of yet…
Breach: Plex
Date of breach: 2 Jul 2015
Number of accounts: 327,314
Compromised data: Email addresses, IP addresses, Passwords, Usernames
The date shows July of last year, yet I got the notice overnight. Either way, first step would be to change the your password straight away. I’m sure the Dev’s can shed more light on the subject.
@tclarson said:
Either way, first step would be to change the your password straight away.
This was actually enforced for all plex accounts right after the hack.
If they released it just now, all password information is stale.
See…sweet!! lol
@OttoKerner said:
@tclarson said:
Either way, first step would be to change the your password straight away.This was actually enforced for all plex accounts right after the hack.
If they released it just now, all password information is stale.
Plex accounts would be safe but the danger is the (possibly) recovered password being used on other accounts. Many people reuse the same username and password on many different websites, mostly connected to the one email.
I had to change a butt load of passwords for other sites back in July because of this breach. Now I use a password management program to have different passwords for most websites. And I have 2FA enabled wherever possible.
EDIT: does anyone know if any actual passwords were extracted after this breach? Or does it depend on the strength of the original password?
@jdbrookes said:
Plex accounts would be safe but the danger is the (possibly) recovered password being used on other accounts. Many people reuse the same username and password on many different websites, mostly connected to the one email.
This was mentioned in the blog post I linked to and was also mentioned in the email which was sent to every Plex user after the breach.
“It’s worth taking a moment to remind everyone that it’s super important to choose strong passwords, never share them, and never re-use them on different sites. Even better, consider using a password manager like 1Password or LastPass to create unique, strong passwords for all the sites and services you visit.”
Seems like email-addresses are actively used for spam/scam now. I have an unique email-address only for Plex and got an email from the President of Republic du Benin, Patrice Talon, to this address just a few minutes ago:
[edit: removed the 419 scam mail content]
That was only a question of time.
