I received the email like many others. I did the right thing, didn’t click any links and just visited plex.tv directly. Changed my password. My account is using my own email.
However the account is completely different. I am not BigValT as this account is named. I get PIN auth when accessing my server, but my pin doesn’t work of course. I was able to reset the PIN and now I’m connected to someone else’s account entirely!
The email you sent implied this wasn’t serious, but it is. I’m on someone else’s server right now without having to auth. It’s possible someone’s on mine, so I’ve shut it down. I have pictures of my kids on there, for Christ’s sake.
Lifetime user here. I won’t be continuing to use Plex. I would like my account to be deleted entirely. What is the process for this? What a mess.
They’ve conveniently made the Delete Account feature not work, while maintaining 99.9999% availability everywhere else, while we’re left to wait while they ‘help’ us.
@dane22 Could you please publish some official statement about this “breach” event?
I suspect the authentication server is going down.
Some advice for us, the users, would be appreciated.
I had noticed yesterday around noon, all my firewalls were popping that Plex was attempting to port scan my whole network. I isolated my server for investigation previous to this announcement due to its behavior and I’d suggest others do the same.
Note: This was on a CLIENT computer on the same vLAN as my SERVER machine. The server was doing this.
@BigValT That’s pretty bad! Please keep us updated after you talk to the Plex rep.
@Brian.D I’m not an expert in Linux (running my Plex server on Debian), nor am I an expert with checking log files for network intrusion ESPECIALLY on Linux … please let us know what you find!
@dane22 If this is a case of a Plex account with a Gmail account as the username, this is a really annoying bug. Users with accounts like this mistakenly log in with the Google API, which makes a separate account. Plex should check to make sure an account with that email doesn’t already exist before making a second on the same address. It confuses your users and for some people I can’t even get them to understand what you’ve done to them, I just end my user sharing with the account they aren’t using anymore and share to the new account. Then we have to go through the obligatory Plex max. bandwidth settings on all their clients again.
I see. Well my gripe stands (lol), I know it’s not a hot issue but it’s obviously an issue, it got me once back when Plex started using the Google API login and it’s hard to explain to casual users.
“A Plex account with that email address already exists, are you sure you want to create a new account?” This would be clutch.