Today I got a notification on my phone that read:
New Device
Popupkiller used a new device to access : Safari (Safari)
I don’t own a Mac, or any Apple product, and therefore don’t use Safari, so I immediately did a password reset, and booted all devices at the same time.
Some hours later, I noticed the same message pop up. I thought this was strange, so I went to my server and checked the devices, and no new devices showed up around the time the notification popped up. And no Safari devices were listed.
Nor had I received any e-mails today at all about a Safari browser logging on to my server.
Did you choose the option to sign out devices as well? Changing the password only prevents new devices from connecting. If something is already connected, changing the password doesn’t disconnect them.
The e-mail address I use for my Plex account is not on that list. A variation of it is, so it could have been a guess based on some knowledge of how Gmail works, but my password is unique. I use different random passwords of 12 or more characters on every account of mine. And how would they even get my new password that I just created without doing a password reset?
My e-mail has not been diverted, as I got an e-mail after the first password reset, telling me that I had logged in from the expected browsers. I also double-checked my Gmail settings to make sure. Nothing there.
Not that this is what happened, but it is possible. A keylogger on whatever device you used to change your password would give them instantaneous access to the new password… This is rare, however, and may not be what’s going on, just saying it is possible…
I got one of these today on my phone too. Android phone with the Plex app:
New Device
“[my Plex username] used a new device to access [my Plex server’s name]: Safari (Safari)”
There is no way I’ve been leaked or hacked, this is a brand new Plex server I installed on a brand new machine in the past 24 hours. I’m the only one that has access to it.
I checked the logs, and it was an IPv6 address that seems to be coming from Facebook?:
Doesn’t matter if it’s a new server or not. If it was a leak, it would have been your Plex account info. Are you using Tautulli and enabled it for remote access? There is some sort of security setting that you can and should enable. Without this, someone could gain access to Tautulli and then get your Plex account info.