My Plex account got hacked WARNING!

Hey guys I thought I’d share this experience with you but before I do I want to encourage EVERYONE to enable 2-FA on your Plex account and any other accounts you may have. You’ll be glad you did!

So first I want to say there is no way this person could have gotten my Plex account password unless there was a recent breach on Plex. In all my years with Plex I’ve never had an account breach. The only other way I believe my account could have gotten hacked is through a Chrome/Opera browser extension I just installed a few days ago. This plugin adds a download icon in your shared video library. The plugin is called "Shared Library Downloader for Plex". There are a few other plugins/extensions similar to this one so be warned.

Is this mere coincidence that my Plex account got hacked shortly afterward…? Who knows. This THIEF then added on a Lifetime Plex and Tidal Music service which charged my debit card $96 today. My bank canceled my card JIC but that’s not all this THIEF did…

He added on several of his friends to my library and gave them access to all my media. The main guy was [redacted]. In the screenshot below you can see all his cohorts added to my library. D and R are legit friends, but all those others, I wish I had some way to track them down. If this were the movies someone would have traced the account and there would already be a hit out on this guy. LOL! Anyway, I thought I’d share this with you guys because it feels like someone stole your identity when something like this happens. I wish I was Tony Stark, I’d have Jarvis locate this guy and END him.

[screenshot with personal information removed]

*edited by mod to remove personal information

There wasn’t

You mention that you enabled 2FA. Did you also change your password? When doing so, you can Log Out all devices.


Good advice, seconded.

And keep your 2FA recovery codes in a safe offline location.

And use unique random passwords for all accounts.

This one, right?

https://chrome.google.com/webstore/detail/shared-library-downloader/jdlidamgkbjkdogfgelbkkmdaehmeglp

Assuming the Extension matches the code on GitHub, it’s very simple and doesn’t appear to do anything malicious. It calls some JavaScript to parse data on the page and create a link.

But absolutely, yeah. When using any Extension you are trusting the developer. Both to be good & honest, and to keep your information secure. Several prominent Extensions have become untrustworthy in the past.

That Extension asks for permission to read data on app.plex.tv, and it runs JavaScript from the 'net. If the Extension WAS malicious, or was updated to become malicious, or if the JavaScript becomes malicious, all bets are off. Your data could be exfiltrated.

I don’t see anything nefarious about the Extension or JavaScript right now. They appear to do what they claim. I don’t think that’s how your account was accessed.

I agree this Extension (and the JavaScript/Bookmarklet) shouldn’t be used, because it executes code downloaded from the 'net. That’s not a good security habit.

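The combination flagged in the reply above (host access to app.plex.tv plus JavaScript fetched from the 'net) can be checked mechanically before installing an extension. This is an added example, not part of the thread and not the extension's own code: the manifest, the script text and the `cdn.example.invalid` URL are constructed, and `patternCoversHost` and `auditExtension` are hypothetical helper names.

```javascript
// Added example: constructed manifest and script text, NOT the real extension's files.
const sampleManifest = {
  manifest_version: 2,
  name: "Example Downloader (constructed)",
  permissions: ["storage", "https://app.plex.tv/*"],
  content_scripts: [{ matches: ["*://*.plex.tv/*"], js: ["content.js"] }],
};
const sampleSources = {
  "content.js": `
    var s = document.createElement("script");
    s.src = "https://cdn.example.invalid/helper.js"; // code fetched at run time
    document.head.appendChild(s);`,
};

// Does a Chrome match pattern (scheme://host/path) cover the given host?
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  if (!m) return false; // plain API permission such as "storage"
  const h = m[2];
  if (h === "*") return true;
  if (h.startsWith("*.")) return host === h.slice(2) || host.endsWith(h.slice(1));
  return h === host;
}

// Source patterns that load or evaluate code not shipped inside the package.
const REMOTE_CODE = [
  { name: "remote script src", re: /\.src\s*=\s*["'`]https?:\/\/[^"'`]+["'`]/ },
  { name: "eval()", re: /\beval\s*\(/ },
  { name: "new Function()", re: /\bnew\s+Function\s*\(/ },
  { name: "importScripts(remote)", re: /importScripts\s*\(\s*["'`]https?:/ },
];

function auditExtension(manifest, sources, host) {
  const patterns = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((c) => c.matches || []),
  ];
  const hostAccess = [...new Set(patterns.filter((p) => patternCoversHost(p, host)))];
  const remoteCode = [];
  for (const [file, text] of Object.entries(sources))
    for (const { name, re } of REMOTE_CODE)
      if (re.test(text)) remoteCode.push(`${file}: ${name}`);
  // Host access plus remotely loaded code is the combination the reply warns about.
  return { hostAccess, remoteCode, highRisk: hostAccess.length > 0 && remoteCode.length > 0 };
}

console.log(auditExtension(sampleManifest, sampleSources, "app.plex.tv"));
```

The regex checks are a first-pass triage of unpacked extension files; a clean result does not prove an extension is safe, since a later update can change what it ships.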

I know…was being facetious. :face_with_raised_eyebrow:

Yes I logged out of every device and reset my password(s). Thanks.


This is a prank?
