I was greatly disappointed to find out that theven user accounts for this forum were hacked last year.
However, I was even more disappointed, and angry, to have found out about this second hand.
From what I understand, all user information, including email addresses and passwords were completely compromised.
You obviously had email addresses from all affected parties, since you lost them. Why then, was there no direct notification from Plex to your users that their information had been stolen ?
A notification on your website just does not cut it. If that even happened, I was payang Plex pass user at the time and I remember no such notification. If are an infrequent user as I am, you would have no idea that your information had been stolen.
With the multitude of websites today, password sharing is commonplace. Therefore you potentially put your users’ other account’s at risk.
I previously had a positive opinion of Plex and their software is great. However, it seems that they have revealed themselves to be poor stewards of our information, and compounded this error by not taking steps to clean up their mess.
I’m not saying that other companies are without fault- having your information on the Internet in a fact of life. However, not notifying those users is irresponsible.
Yes unfortunately the old forum platform was compromised. There was a direct mail sent to all subscribers with linked forum accounts (it only affected you if you had signed up on the forum) on July 2nd 2015 notifying users and asking them to change their passwords.
A transcript of this email is below:
IMPORTANT SECURITY NOTICE
Dear Plex User,
Sadly, we became aware this afternoon that the server which hosts our forums and blog was compromised. We are still investigating, but as far as we know, the attacker only gained access to these parts of our systems. Rest assured that credit card and other payment data are not stored on our servers at all.
If you are receiving this email, you have a forum account which is linked to a plex.tv account. The attacker was able to gain access to IP addresses, private messages, email addresses and encrypted forum passwords (in technical terms, they are hashed and salted). Despite the password encryption measures, we take your privacy and security very seriously, so as a precaution, we’re requiring that you change your password.
Be sure to choose a strong password, never share it, and never re-use passwords for different accounts! Even better, use a password manager (1Password, for example) to manage a unique password for you. Access to your Plex account will be blocked until you do so.
Please follow this link to choose a new password.
We’re sorry for the inconvenience, but both your privacy and security are very important to us and we’d rather be safe than sorry!
We will post more detailed information on our blog shortly. Thanks for using Plex!
As @drzoidberg33 mentioned there was an email sent to all users in July of 2015 when it happened.
You can see it referenced here. Possibly check your email spam folder…
There was also a Blog post about it on the plex website, you can see that here
Hi,
I’ve been suffering a recent load of spam emails from the Plex forums. Many of them are coming from the same senders.
Please see attached screenshots -
Can someone at Plex please take a look and stop these being sent?
Incidentally I don’t speak Korean so it’s wasting everyone’s effort!
So does that mean that everyone on the Plex forum is suffering from these emails?
Isn’t it possible for the team managing the forum to block these users who are abusing the use?
It’s difficult to control spammers. Can’t block an IP range, because they never use the same IP again. Best they can do is block the user once spamming is identified.
I don’t subscribe to any boards, so I don’t get those emails. I guess anyone who subscribes to a board will get notified when any posts are made.
