Hi i a bit confused about if i am safe or not after data breach in plex.
i use a synology with docker and plexserver.
i have a username in plex account “username 1” ((visible right top on website in account data)
in this forum and to log in i use google email adress and 2FA and pin on masteraccount
(username 2 (my emailaccount)
when i rechieved the email about changing inlog pasword i did accordenly this directions.
few thing was wierd in my eye’s.
1 - requesting change of pasword didn’t generate a log out of all devices. (i had to do that manually.)
2 - i was apparently changing my google account’s pasword in reclaiming/recovery modes.
(wassen’t a big problem but i was got off gard by this action and maybe a good thing it was quite old and low in security by low character amount so i updated that again to a better one after i discovered i changed it in a "16 digit gibberitch automated generated string.)
3 - docker plexserver didn’t need to reclaim or such. (which was a step in the process.)
After some reading i understand when i created a plex account i choose login by google.
So my defencestrenght of my googleaccount is the same as plex now.
and it seems i can’t change this accountsetup without losing my lifetimepass.
So questions:
what is maybe stolen out the database?
how do i know my plexlogin is safely guarded after google password change?
(i don’t need to type in 2FA from my server on my synology only pincode after inlog by google.)
offcoarse i have the usual “are you this? questions” after the changing but no real problems.
even android apps did still work.
how is the login sequense build?
it’s a bit foggy which account names and paswords are used when.
docker plex server, android plex and plexamp, win webbased plex account (same place as the synology open plex command goes to.)
(i keep all my changes in lastpass safebox so after this event i have some things written down for the sake of when i understand which is obsolute i can clean the data.
So after this eh little recap of my confusing password changing for plex i understand if it’s a bit confusing for you too.
main thing is how do i know i closed every “backdoor” and “window” to protect my phone and my other inlog from the one’s who may have find some data to hack in to peoples life?
#: live was easier when a lock was only made from metal and it got fingerprints on it when they try to break it. (yes i am born in the pre internet day’s )
(# causes shouting apparently)
Changing the password of your Google account was not necessary. That you did it, doesn’t make any difference, as it was not endagered by the breach. Changing the Google password will have no consequence in Plex – in particular it won’t sign out your Plex devices from your Plex account.
Your Plex account is still endangered until you change the password of your Plex account. Yes, you do have a Plex password, even if you lately only used Google to log into your Plex account. Doing so will also log out all of your devices, if you tick the checkbox (which you should definitely do).
You can do so right here: https://app.plex.tv/desktop/#!/settings/account – if you remember your Plex password. Otherwise you must go with the “Reset password” procedure as described in the Email.
You need to differentiate between the 2FA codes of your Plex account and the 2FA codes of your Google account. Which to use is depending on how you log into Plex. Either you use “Login with Google”, or you use your email/Plex-username.
i affraid because i updated my password manager i don’t ;-0
update : long life notepad history of lastpass !
hmm doesn’t work
i think i just make a compleet new one.
Just to be sure i enter the right verificationcode.
That is the 6 numbers from autentication app on my phone right?
I also have much longer safety code for recovering account stored.
Which one do i need to fill in in the last box?
ok so in order to change my password of plex acount i need to choose now email/plex-username? and use 2FA of plex?
thanks.
i will change it after F1 Zandvoort. need a clear head
I got your inlog is experied login again on my phone app.
So the pasword change request did log out all devices inlcuding the nass server.
Still can’t change pasword in the way use the old one.
Alwell F1 starts in few minutes.
ok Max did what he suppose to do. taking First place at the finish.
.
Back to life.
yes i have it in my inbox.
i choose the email entry
google email and older/pasword before breach password didn’t work.
So i tried the new made which was also somehow engaged in my google account as email pasword i think. (i did change it again mediately that day so can’t check this.)
anyway the new pasword (lastpassgenerated) and my plex autherisation code did let me log in.
So that is a confirm my plex-account has a new password.
step 2 enter my nass.
open plex server. (i was logged out.) i choose my email adres as login username and it did go straight to server home page. no claime needed.)
owh now i see the [!] on my server name.
clicked on claim server:
and i got this:
i didn’t needed to use the code generated by this:https://www.plex.tv/nl/claim
Got a green tag and ! is gone. (changed the describing name a bit so i recognise it more easily.)
updated to this: Version 1.28.1.6104
logged out and logged in again in the server app. To check the change.
mobile plex app: its logged in .) logged out and logged in again with googleaccount.
so that is ok now too.
recap:
new pasword is active. (i know which it is so that is great too. )
server(synology nass) reclaimed (locked green lock) renamed id .
plexamp app logged out and logged in again.
web based plex works too.
plexamp (music player= that i needed to re login in and needed to use the new pasword and plex autherisation number. So i think it’s working.
other mobile i have to check later:
(i have that set up as my account and then switched to an other account with lower hierachie lifepass account on that mobiel too. it’s my home smart remote with extra functions )
did i forget anything?
(check on email just before i changed password accordingly email 5 hours before. sounds about right.)my post is also 5 hours ago.)
)
)