Hello all,
While relaxing on the couch this evening, I checked my email, and noticed an email from Plex saying that a new device was used to sign-in to my Plex account. This occurred around 7:09pm CST, and I read the email and changed my password by 7:39pm CST. Now I’m tearing through logs trying to find if this login was actually acted upon. This was the information about the login under my account, per the email.
- Device: Plex Auth App
- Location: Guatemala City, Departamento de Guatemala, Guatemala (estimated)
- IP address: 190.122.186.212
From the Plex Media Server.log, I find my TV’s app running consistent keep-alives, but not the login with this IP, or even an unknown device…at least not yet. I’m wondering if there are tell-tale signs I should look out for, especially when it comes to finding if any settings/config was changed. Obviously they didn’t lock the PW and knock me out, and I don’t see any changes to the authorized users list. I’m guessing they were looking for weak PW’s, and admittedly, my PLEX account was on an old, seldom used PW, which thankfully isn’t shared by anything important. Maybe some old forum logins. Needless to say, I’m checking all my important personal things, but are there other important PLEX logs I should check? I am not uploading them, as I have had the logs running VERBOSE for a while. Thoughts?
