I have a recurring problem where unknown users appear in my friends list and they have share access to all my libraries. It doesn’t appear that these users ever stream a file. I have deleted 3 users in the past and a new one popped up today. Not sure how this is happening. I switched to using 2FA for my account (which is the only admin account). I did a search here and see there are two other postings of the same problem, but no solutions. Any suggestions would be helpful.
So I just posted about 2FA not seeming to work against bad actors but did when I make changes. And now you post a similar issue. Starting to wonder if Plex has a breach.
You only activated 2FA, but did not change your plex password (including signing out all devices) before doing so.
Which means that the culprit had already guessed your password or has stolen an X-Plex-Token which was created before you activated 2FA.
Perform a change of password (and tick the checkbox “Sign out connected devices after password change”!).
After doing that, you need to perform this procedure with your server: Why am I locked out of Server Settings and how do I get in? | Plex Support
I see you are using plenty of 3rd-party software which is connected to your plex account. Disable these or make them at least not accessible from the internet.
If you haven’t updated Tautulli in a long time, and you have it made available from the internet side, you have a big security hole in your configuration.
Thanks for the tips.
When I turned on 2FA I had to reclaim my server and that did change my token. But I didn’t change my password. I will change my password, log out of clients, and follow the directions you provided. I will check on internet access to 3rd party apps, I don’t think my Tautulli has public access. I run a nightly check to update all dockers, so I should be on the latest version.
I do expose Ombi publicly thru Let’s Encrypt (per Space Invader video), let me know if that is a security risk.
