Recently I did a Google search for my username/email and learned that there are tons of plex accounts including my own that have been compromised and are available in plain text on the internet in a pastebin. How could this happen? Is Plex storing our info unencrypted or what?? I can provide a link to it, but only securely because not everyone needs to know everyone’s stuff obviously. This is bullcrap as far as I’m concerned. Plex has been around too long to be storing stuff in plain freaking text.
See Getting spam emails to my plex email address
TL;DR: old news, lessons learned
This pastelink is from December 18, 2019 though? Also I was literally never notified of it.
The breach happened in 2015. Is your Plex account that old?
No my account is not that old. It’s a different breach then obviously.
Could you send me the address of that pastebin per PM, please?
Thank you, I will forward this to the right people for investigation.
I recommend everyone who is re-using passwords and/or user names on several online services to check if their credentials have been leaked elsewhere.
The same applies to users who are using easy-to-guess passwords.
It is a known method for crackers to look for leaked credentials from any site and try them on other services – including variants of the user names and passwords.
The best way to avoid getting pwned is to use unique, strong passwords on every site.
Use of 2FA https://support.plex.tv/articles/two-factor-authentication/
and secure password managers is highly encouraged.
I recommend everyone to give this a read: https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
