Plex Database Hacked


Lolight


Just saw this posted on reddit.

 

Full email from Plex:

 

Dear Plex User, We want you to be aware of an incident involving your Plex account information yesterday. While we believe the actual impact of this incident is limited, we want to ensure you have the right information and tools to keep your account secure.

 

What happened

 

Yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords. Even though all account passwords that could have been accessed were hashed and secured in accordance with best practices, out of an abundance of caution we are requiring all Plex accounts to have their password reset. Rest assured that credit card and other payment data are not stored on our servers at all and were not vulnerable in this incident.

 

What we're doing

 

We've already addressed the method that this third-party employed to gain access to the system, and we're doing additional reviews to ensure that the security of all of our systems is further hardened to prevent future incursions. While the account passwords were secured in accordance with best practices, we're requiring all Plex users to reset their password.

What you can do

Long story short, we kindly request that you reset your Plex account password immediately. When doing so, there's a checkbox to "Sign out connected devices after password change." This will additionally sign out all of your devices (including any Plex Media Server you own) and require you to sign back in with your new password. This is a headache, but we recommend doing so for increased security. We have created a support article with step-by-step instructions on how to reset your password here.

We'd also like to remind you that no one at Plex will ever reach out to you to ask for a password or credit card number over email. For further account protection, we also recommend enabling two-factor authentication on your Plex account if you haven't already done so.

Lastly, we sincerely apologize to you for any inconvenience this situation may cause. We take pride in our security system and want to assure you that we are doing everything we can to swiftly remedy this incident and prevent future incidents from occurring. We are all too aware that third-parties will continue to attempt to infiltrate IT infrastructures around the world, and rest assured we at Plex will never be complacent in hardening our security and defenses.

For step-by-step instructions on how to reset your password, visit: https://support.plex.tv/articles/account-requires-password-reset

Thank you, The Plex Security Team

Link to comment

It is LEGIT. I got the email, and everyone I know did. Just changed everything without any issues. Make sure you guys click the sign out of all devices checkbox as well.  Had everyone who wasn't using MFA implement it. I suggest everyone do the same. I'm not worried, and I am glad they were up front with what happened. Other than that get LIFELOCK and HOME TITLE LOCK to round out your identity protection package. It has saved my butt a couple of times!

 

 

Edited by falconexe
Link to comment
19 minutes ago, Barryrod said:

Yeah Awesome. I am away from home, saw this and reset my password. Now I can not access my personal server running in Docker. UGH

I don't run Plex but have seen others experience something similar.

Here's a possible solution:

 

For those running Plex in a Docker container (probably also applicable for other hosting) and who just reset their password: Do this:

1) Remove the preferences entries described in this article: https://support.plex.tv/articles/204281528-why-am-i-locked-out-of-server-settings-and-how-do-i-get-in/

2) After restart, go to https://www.plex.tv/claim/ and generate a new claim key

3) Run this command in a terminal (adapt to your IP and claim)

    curl -X POST 'http://127.0.0.1:32400/myplex/claim?token=claim-xxxxxxx'

3.1) Alternatively, run your docker container (or docker-compose) with the environment variable "PLEX_CLAIM=claim-xxxx"

After that, your server will be available again (you might have to configure it for online availability again. Go to "http://127.0.0.1:32400/web", log in, configure remote access in the settings)

Edited by Lolight
Link to comment
27 minutes ago, Lolight said:

I don't run Plex but have seen others experience something similar.

Here's a possible solution:

 

For those running Plex in a Docker container (probably also applicable for other hosting) and who just reset their password: Do this:

1) Remove the preferences entries described in this article: https://support.plex.tv/articles/204281528-why-am-i-locked-out-of-server-settings-and-how-do-i-get-in/

2) After restart, go to https://www.plex.tv/claim/ and generate a new claim key

3) Run this command in a terminal (adapt to your IP and claim)

    curl -X POST 'http://127.0.0.1:32400/myplex/claim?token=claim-xxxxxxx'

3.1) Alternatively, run your docker container (or docker-compose) with the environment variable "PLEX_CLAIM=claim-xxxx"

After that, your server will be available again (you might have to configure it for online availability again. Go to "http://127.0.0.1:32400/web", log in, configure remote access in the settings)

Yeah, but I am away from home right now LOL.

 

Either I have to wait til I get home OR I have to depend on the wife actually following some directions LMAO. Not sure which will be harder

Link to comment
1 hour ago, feins said:

I'm having an issue after resetting the password: even though my server is up, when I run Plex I get "server offline".

I've tried the WebUI to my Plex server and I got: "This XML file does not appear to have any style information associated with it. The document tree is shown below."

 

Same issue here

Link to comment
2 hours ago, feins said:

I'm having an issue after resetting the password: even though my server is up, when I run Plex I get "server offline".

I've tried the WebUI to my Plex server and I got: "This XML file does not appear to have any style information associated with it. The document tree is shown below."

 

You have to "RECLAIM YOUR SERVER" (in Plex server general settings).

Link to comment
28 minutes ago, doobyns said:

You have to "RECLAIM YOUR SERVER" (in Plex server general settings).

Unfortunately the server settings are unreachable since the server isn't actually fully starting.  So going to plex.tv and signing in, it'll show the server as unreachable and the only settings available are the Plex Web & Plex Account settings.  But the actual server settings are not available.

 

There's also no way to change it locally because of the XML error page.

Edited by LxLuthor
Link to comment

Ok, so just in case anyone has a similar issue to me... let me explain what I did.

 

I followed the directions above and removed the 4 parameters/variables from the XML file from the app data folder. Started up the Docker and then was able to reclaim via the general settings. While you would THINK this would be easy, my laptop was on a different subnet than the server and I NEVER got the claim option in general. Once I thought about it and realized the laptop was not on the IoT network, I swapped over and now have the claim option.

 

So, just in case anyone else is running multiple networks at their house, make sure you jump on the same subnet.  Not sure why that made a difference but it did.

 

Perhaps I didn't need to edit the xml file, so first try joining the same network just in case you run an IOT network like I do. 

Edited by dnoyeb
Link to comment
3 minutes ago, dnoyeb said:

Ok, so just in case anyone has a similar issue to me... let me explain what I did.

 

I followed the directions above and removed the 4 parameters/variables from the XML file from the app data folder. Started up the Docker and then was able to reclaim via the general settings. While you would THINK this would be easy, my laptop was on a different subnet than the server and I NEVER got the claim option in general. Once I thought about it and realized the laptop was not on the IoT network, I swapped over and now have the claim option.

 

So, just in case anyone else is running multiple networks at their house, make sure you jump on the same subnet.  Not sure why that made a difference but it did.

 

Perhaps I didn't need to edit the xml file, so first try joining the same network just in case you run an IOT network like I do. 

 

I don't even have an XML file in the appdata folder under Plex.  I have 5 empty folders.  Super odd.

Link to comment

The Docker I'm running has the Plex token in the Template. Can't I just edit it there?

Or do I need to generate the token first by doing everything suggested in that link? I'm not at home so I'm questioning things before I attempt them. Lol

 

Nevermind not the same thing. 

 

 

Link to comment
4 hours ago, Lolight said:

I don't run Plex but have seen others experience something similar.

Here's a possible solution:

 

For those running Plex in a Docker container (probably also applicable for other hosting) and who just reset their password: Do this:

1) Remove the preferences entries described in this article: https://support.plex.tv/articles/204281528-why-am-i-locked-out-of-server-settings-and-how-do-i-get-in/

2) After restart, go to https://www.plex.tv/claim/ and generate a new claim key

3) Run this command in a terminal (adapt to your IP and claim)

    curl -X POST 'http://127.0.0.1:32400/myplex/claim?token=claim-xxxxxxx'

3.1) Alternatively, run your docker container (or docker-compose) with the environment variable "PLEX_CLAIM=claim-xxxx"

After that, your server will be available again (you might have to configure it for online availability again. Go to "http://127.0.0.1:32400/web", log in, configure remote access in the settings)

I followed these instructions and it worked. thank you.

I stopped the docker container

I found the preferences.xml file under \UNRAID IP ADDRESS\applications\plexmediaserver\Library\Application Support\Plex Media Server\preferences.xml

I made a backup copy, deleted the keys:

    PlexOnlineHome="1" (note: I didn't see this one in the file)

    PlexOnlineMail="[email protected]"

    PlexOnlineToken="RanDoMHexIDecIALtoKeNheRE"

    PlexOnlineUsername="ExampleUser"

restarted the server

ran the curl command as above (with the new claim code)

All seems ok now (i.e. the red/white exclamations seem to have disappeared)

 

Link to comment
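The preferences edit described in the post above, scripted as an added example that is not part of the original thread: it backs up the file owner-only (the backup still holds the old token), removes the four attributes, and leaves everything else untouched. The function names and the sample file are hypothetical and constructed for illustration; the file path is passed in as an argument.

```sh
#!/bin/sh
# Added example, not from the thread. Attribute names are the four quoted above.
PLEX_ACCOUNT_KEYS="PlexOnlineHome PlexOnlineMail PlexOnlineToken PlexOnlineUsername"

# strip_plex_account PREFS_FILE: prints the backup path on success.
# Hypothetical helper name; stop the container before running it.
strip_plex_account() {
    prefs=$1
    [ -f "$prefs" ] || { echo "no such file: $prefs" >&2; return 1; }
    # The backup still holds the old token, so create it owner-only.
    backup="$prefs.bak.$(date +%Y%m%d%H%M%S)"
    ( umask 077 && cp "$prefs" "$backup" ) || return 1

    # One sed expression per key. The leading whitespace is part of the
    # match, so only whole attribute names are removed.
    set --
    for key in $PLEX_ACCOUNT_KEYS; do
        set -- "$@" -e "s/[[:space:]]\{1,\}$key=\"[^\"]*\"//g"
    done
    tmp="$prefs.tmp.$$"
    sed "$@" "$backup" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode are kept.
    cat "$tmp" > "$prefs" && rm -f "$tmp" || return 1
    echo "$backup"
}

# remaining_plex_keys PREFS_FILE: prints how many of the keys are still set.
remaining_plex_keys() {
    n=0
    for key in $PLEX_ACCOUNT_KEYS; do
        if grep -q "[[:space:]]$key=\"" "$1"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# write_sample_prefs PATH: constructed file with made-up values.
write_sample_prefs() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<Preferences MachineIdentifier="constructed-id" PlexOnlineUsername="ExampleUser" PlexOnlineToken="constructed-token" PlexOnlineMail="user@example.invalid" FriendlyName="tower" AcceptedEULA="1"/>
EOF
}

# Demo on the constructed file.
demo=$(mktemp -d)
write_sample_prefs "$demo/Preferences.xml"
strip_plex_account "$demo/Preferences.xml" > /dev/null
echo "keys left: $(remaining_plex_keys "$demo/Preferences.xml")"
rm -rf "$demo"
```

Once the server is reclaimed and working, delete the backup file, since it contains the previous token.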
3 hours ago, TheWombat said:

I followed these instructions and it worked. thank you.

I stopped the docker container

I found the preferences.xml file under \UNRAID IP ADDRESS\applications\plexmediaserver\Library\Application Support\Plex Media Server\preferences.xml

I made a backup copy, deleted the keys:

    PlexOnlineHome="1" (note: I didn't see this one in the file)

    PlexOnlineMail="[email protected]"

    PlexOnlineToken="RanDoMHexIDecIALtoKeNheRE"

    PlexOnlineUsername="ExampleUser"

restarted the server

ran the curl command as above (with the new claim code)

All seems ok now (i.e. the red/white exclamations seem to have disappeared)

 

 

This process worked for me.  Just remember (unlike me!) that the claim token expires in 5 minutes.  I was banging my head against the wall trying to figure out why my terminal command wasn't working.

Link to comment
10 hours ago, Lolight said:

I don't run Plex but have seen others experience something similar.

Here's a possible solution:

 

For those running Plex in a Docker container (probably also applicable for other hosting) and who just reset their password: Do this:

1) Remove the preferences entries described in this article: https://support.plex.tv/articles/204281528-why-am-i-locked-out-of-server-settings-and-how-do-i-get-in/

2) After restart, go to https://www.plex.tv/claim/ and generate a new claim key

3) Run this command in a terminal (adapt to your IP and claim)

    curl -X POST 'http://127.0.0.1:32400/myplex/claim?token=claim-xxxxxxx'

3.1) Alternatively, run your docker container (or docker-compose) with the environment variable "PLEX_CLAIM=claim-xxxx"

After that, your server will be available again (you might have to configure it for online availability again. Go to "http://127.0.0.1:32400/web", log in, configure remote access in the settings)

 

5 hours ago, TheWombat said:

I followed these instructions and it worked. thank you.

I stopped the docker container

I found the preferences.xml file under \UNRAID IP ADDRESS\applications\plexmediaserver\Library\Application Support\Plex Media Server\preferences.xml

I made a backup copy, deleted the keys:

    PlexOnlineHome="1" (note: I didn't see this one in the file)

    PlexOnlineMail="[email protected]"

    PlexOnlineToken="RanDoMHexIDecIALtoKeNheRE"

    PlexOnlineUsername="ExampleUser"

restarted the server

ran the curl command as above (with the new claim code)

All seems ok now (i.e. the red/white exclamations seem to have disappeared)

 

 

YES! these instructions worked! what a clusterf*ck!! it should be easier to solve than browsing forums for an obscure solution!

Link to comment
10 minutes ago, ShadowVlican said:

YES! these instructions worked! what a clusterf*ck!! it should be easier to solve than browsing forums for an obscure solution!

I think it is for most people. :) 

Remember that the only people posting on the forums are those who have problems, not the large number of users for whom it works fine.

 

Took me 2 minutes, I did everything from the webgui and didn't touch any kind of files.

Link to comment
48 minutes ago, ChatNoir said:

I think it is for most people. :) 

Remember that the only people posting on the forums are those who have problems, not the large number of users for whom it works fine.

 

Took me 2 minutes, I did everything from the webgui and didn't touch any kind of files.

 

Same for me. I just posted to let everyone know that I didn't run into any issues, and that everyone should take this seriously and do it. Glad everyone is figuring it out.

 

Link to comment
