I received the data breach email. My question is do I really need to reset my password if I’m using my apple ID as my Plex account? I would assume Plex is not storing my password because it shouldn’t have access to it. At least that’s how using social identities is supposed to work. Plex requires that Apple verify I am using the correct credentials…Plex shouldn’t be storing my password. Just wanting a sanity check from some other members.
Thanks!
You don’t need to reset the password, if you don’t use a password.
(I’ve checked, you don’t have one.)
However, there are also “access tokens”. Each device that gets signed into your Plex account is given a unique access token which it uses to authenticate itself against your server and plex.tv.
If an attacker can get such a token, he can do everything that a signed-in Plex server or Plex client can do.
It is therefore recommended to at least reset those access tokens.
You can find them all here https://app.plex.tv/desktop/#!/settings/devices/all
If you delete the token of a device, it means you need to sign out of your Plex account on this device and then sign back in. Otherwise this device won’t get access to your account and therefore your server.
If you delete the access token of your server, you need to sign it into your account afterwards as well.
This should be possible by accessing the local web app on that server by calling the IP address of that server, like this: http://ip-of-server:32400/web
(You must use the IP address, not some domain name which you might have set up.)
In some extreme cases, you need to remove your old account information from the server manually: Why am I locked out of Server Settings and how do I get in? | Plex Support
When signing out and in devices, start with your web browser.
Then advance to your server.
Once that is done successfully, continue with all the other Plex client types you might be using.
@OttoKerner excellent, thank you for the quick response! I will reset my access tokens, good advice.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
