Plex Account Breached

I received a notification that someone logged into my Plex account from Tunisia yesterday at about 3am EDT. Whoever did so did it without changing my password, which was a 16-digit random password. All they did was add themselves as a user to my server and watch some of the content I had. Not a major issue, as I was able to fix it quickly, but still alarming.

Has there been a breach of Plex’s user database? My password was not shown as compromised in 1Password’s Watchtower and was unique to my Plex account, so I find it unusual that this happened.

I don't have my Plex server accessible outside of my local network, but if I did I would have some geo filtering of those countries. I have all the main countries blocked, like Russia, China, Netherlands, etc. I also do not have a cheap consumer-grade router.

Just out of curiosity what router do you use?

Ubiquiti USG Pro

They also make a smaller USG without SFP ports for $140 on Amazon vs. the Pro for $300. They will both require you to run a controller on a Linux machine or VM, or take the easy route and buy the Cloud Key. I just run a Linux controller.

@thejokell I’m not aware of any recent breach. We had one back in 2015 of our very old forum software, for which we emailed everyone affected and forced users to change their password then.

Not too long ago there was an issue with folks putting their Tautulli install online (open to the world), and that had the admin's auth token in it. Took a while to realize that was the issue, if I recall. I think apps like Sonarr and Radarr potentially have the same issue, as I think those can be set to refresh libraries and they need the server admin's auth token to do so.

Not saying that was the vector the person took but worth looking into.


It’s worth checking out for sure. I’ll make sure those are locked down if they weren’t already.

Yep I have my domain registered with them so I get an update whenever there is a breach. That’s why this was so odd.

Do you run Tautulli? Did you secure it with a password? If not, that can expose your Plex account.
