Plex Server Hacked and Published Online!

I was googling something about Plex server, I can't believe what I found!

Some poor guy's Plex server was hacked and put online for everyone to download and watch! Is the security of the Plex server that bad? I'm now considering disabling mine because of this!
WTF!

[edit] pictures with sensitive data removed

No, Plex is not inherently insecure.
All these cases that come to our attention from time to time are due to a severe misconfiguration of either the Plex Server and/or the router of that user.

Any recommendation to prevent something like this from happening to the rest of us?

  • Don’t use any 3rd party “containers” with preconfigured Plex installations. Always download PMS from plex.tv
  • Don’t put your Plex server into a DMZ, if you don’t know what the consequences are.
  • There is no need for a custom domain name, nor a custom personal TLS encryption certificate. If used improperly, these can introduce additional attack vectors.
  • Devote special attention to the network settings if you install PMS on a publicly accessible network address (like in a data center etc.)
  • Don’t disable firewalls. Create proper exemption rules instead (which normally get created automatically during installation [at least on the major OS platforms]).
  • Don’t use reverse proxies or reverse NAT rules in your router unless you know the consequences and add additional measures to take to make your PMS installation secure.

Provide some details about your particular Plex deployment and I’m sure you’ll get practical tips about which things to check from the friendly folks around here.

@OttoKerner said:

  • Don’t use reverse proxies or reverse NAT rules in your router unless you know the consequences and add additional measures to take to make your PMS installation secure.

I highly agree with this particular point.
Reverse proxies can be extremely dangerous if you do not know what you are doing!!!