HELP! My Plex Account has been Hi-Jacked and then locked with a PIN

My wife called me today to ask why Plex (via Roku) wasn’t working right I had her FaceTime me so I could see what she was talking about and something clearly wasn’t right. After booting Plex in Roku, it would only show this icon of an FBI Logo and “PLEX MIKE” at the bottom - that’s all. If she clicked on it, it asked for a PIN number. So I remote logged into my server to find out someone had removed all accounts and replaced it with “PLEX MIKE”. I was able to reset my password, but now the ONLY user that appears is PLEX MIKE with a PIN number.

I haven’t been home yet to see what damage this joker has done, but how can I remove this user account from my system? Until I do, I cannot make any changes as he has all the access locked up in Plex.

Help!

Your user name can be easily changed:
https://app.plex.tv/desktop#!/settings/account

The PIN can be removed here:
(click on the small green padlock icon beside your user name)
https://app.plex.tv/desktop#!/settings/users/home

Thanks, that worked. After gaining access and looking at what had been done within the account (haven’t been home yet to check out the physical media and libraries) it appears as though a new link had been made to my PlexCloud - the account was linked to a miguelquevedo789@outlook.com OneDrive account. I guess that is the MIKE in “PLEX MIKE” Anyways, I unlinked the account and restarted my PlexCloud Server. I’ve also deauthorized ALL of my devices until I can check things out.

But now my question is “How did this happen?” It’s looking like my PlexPass account was hi-jacked and he was just using the PlexCloud service to use his own stuff.

There are many ways imaginable.
Did you perhaps:

• use the same password for other accounts as well
• have used a ‘public’ computer (internet cafe etc) to access your Plex account
• did accept an invitation to someone else’s Plex Home
• get infected with a ‘key logger’ software which records all your computer activities and sends them to a remote address
  ?

Thanks Otto,

It was a password that I used on other accounts. None of the other items ring-true (although the fact that I’m asking means I’m not completely sure).

So I have reset all of those passwords on all the other sites to hopefully avoid something like this happening again. It just really freaks you out. It looks like my Plex Account had been hacked to the extent that he could setup something on PlexCloud. If was more experienced or malicious, he could have locked me out, but thankfully I was able to get back in and fix it (I think).

It’s also more reassuring to know that my home network wasn’t hacked, it appeared that way because we were trying to watch our own content on our own network and couldn’t.

I will update after a few days to make sure everything is okay.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.