Plex Security Vulnerability?

Hello, I’m a Plex Pass member. I’ve noticed in the ‘Discover’ section several movies that have a status of ‘Continue Watching’. After installing PlexPy, I’ve noticed that a user named ‘Local’ has been playing various movies and TV shows in my library from Safari and Chrome browsers. These IP addresses mostly trace back to Malaysia. Some of the IP addresses are unknown.

Since discovering this activity, I have changed my Plex TV username and password, and have signed out my registered devices. The issue, however, still exists.

As far as I know, there is not a user named ‘Local’ who is authorized to access my Plex library. I am very much hoping the Plex team will immediately investigate this behavior, as it appears that an external party is able to access the Plex Server by creating a phantom user or manipulating a system service.

I am happy to share my logs to aid in any investigation of this behavior. I am running PMS Version 1.5.2.3557 on a Synology DS415+. I access the Plex Media Server via Apple TV, iPhone 6s+ and Safari Web Browser.

Thank you.

The user name ‘local’ is usually displayed when someone is using the DLNA Server of Plex.
So, is the DLNA server active on your box?

Have you activated any remote access features in your Synology?

Search for the file Preferences.xml on your Synology (you may have to gain access to the internal files first, see Q7a here: https://forums.plex.tv/discussion/191000/faqs-read-this-first#top ).
Take a look at it and look for the line disableRemoteSecurity. If it has a value of 1 assigned to it, change that back to 0.

Are you using any custom domain name to access your plex server?
Did you set up a ‘reverse proxy’ to make this work?

How did you deduce the ‘Malaysia’ part?

Are you using Docker?
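
The checks suggested in the reply above, written out as an added example (not part of the original thread and not Plex's own tooling): it reads Preferences.xml for `disableRemoteSecurity` and lists plays by the user 'Local' that came from outside private LAN ranges. It assumes the file is a single `<Preferences>` element with settings as attributes; the `DlnaEnabled` attribute name, the history row shape and all sample values are assumptions constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: settings stored as attributes of one <Preferences> element.
SAMPLE_PREFS = '<Preferences FriendlyName="nas" disableRemoteSecurity="1" DlnaEnabled="1"/>'

# Constructed playback history rows (user, client IP, player), shaped like
# what a monitoring tool such as PlexPy displays.
SAMPLE_HISTORY = [
    ("Local", "192.168.1.20", "DLNA"),
    ("Local", "203.0.113.7", "Chrome"),
    ("owner", "198.51.100.4", "Safari"),
    ("Local", "not-an-ip", "Safari"),
]

# Explicit private and loopback ranges; anything else counts as external.
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def audit_preferences(xml_text):
    """Return findings for the settings the thread asks about."""
    root = ET.fromstring(xml_text)
    findings = []
    # A missing attribute is treated as 0 (remote security left on).
    if root.attrib.get("disableRemoteSecurity", "0") == "1":
        findings.append("disableRemoteSecurity=1: set it back to 0")
    # DlnaEnabled is an assumed attribute name for the DLNA server switch.
    if root.attrib.get("DlnaEnabled", "0") == "1":
        findings.append("DLNA server enabled: plays show up as user 'Local'")
    return findings

def local_plays_from_outside(rows):
    """Rows where user 'Local' played from an address outside the LAN ranges."""
    hits = []
    for user, ip, player in rows:
        if user.lower() != "local":
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            hits.append((user, ip, player))  # unparseable address: review by hand
            continue
        if not any(addr in net for net in LAN):
            hits.append((user, ip, player))
    return hits

if __name__ == "__main__":
    print(audit_preferences(SAMPLE_PREFS))
    print(local_plays_from_outside(SAMPLE_HISTORY))
```

A 'Local' play from a LAN address fits ordinary DLNA use; one from an external address is the case the questions about remote access, reverse proxies and `disableRemoteSecurity` are trying to explain.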