Got the email notice that Plex had been hacked and to change password. If I signed up using sign on with Apple, should I worry?
Probably not, they just get a logon token from Apple, when you log on, so there is no password or other login data stored on Plex, just the flag that you use Apple to log on and that your Apple ID.
2 Likes
Thank you. That is what I was thinking, but wasn’t sure.
The breach included the account user name, email address and hashed password info. This info can still be used to attempt to phish you, so you should also be wary of any incoming future phishing emails.
For anyone who was using email and password instead of some federated password, you should change your password, and if you used that email/password with any other service, you should change your password with those other services too. The easiest way to manage unique passwords for each service is with a password manager, and TWiT has BitWarden as a sponsor which is great for this purpose.
4 Likes
And they should really enable 2FA on their accounts.
2 Likes