Plex, a company mainly known for their versatile Media Server application, which even Linus uses at home, has been hacked, resulting in users panicking after their cloud-based instances became inaccessible while signing out. The company's website went down just mere hours after the first emails went out to customers, and has since left people manually claiming their servers. https://swizzin.ltd/applications/plex#manual-claiming instead of using the plex PIN and claim tokens to login to their apps. If you are using the LSIO or Hotio docker image, see these instructions https://info.linuxserver.io/issues/2022-08-24-plex/.
This hasn't been the first time that Plex has had issues like this, where authentication remains the central business they can't seem to just get it quite right. In June, the company also had issues with their API, leaving people unable to access their servers due to authentication being down. Hopefully this stops happening soon. This is the second breach that Plex has suffered, the last being in 2015, where their forum data was held for ransom and user credentials were not using strong salt.
Plex authentication continues to have issues, presumably due to their 4 digit pin system being overloaded with requests. Issues extend to both sign-ins and automated claims of servers. The password reset is not mandatory for users, but the company is pushing it to the community pretty hard.
The Email
Sources
https://status.plex.tv/history?page=1
https://www.theverge.com/2022/8/24/23319570/plex-security-breach-exposes-usernames-emails-passwords
https://www.engadget.com/plex-reset-passwords-potential-data-breach-082347517.html
https://www.xda-developers.com/plex-reveals-data-breach/
https://www.reddit.com/r/PleX/comments/wwb8uy/plex_breached_were_passwords_encrypted_or_hashed/
https://www.reddit.com/r/PleX/comments/wwcekh/ive_leveled_my_fair_share_of_criticism_against/
https://www.reddit.com/r/PleX/comments/wwf9oy/plex_down/
https://www.reddit.com/r/PleX/comments/wwchdc/changed_password_now_server_not_found/
https://www.reddit.com/r/PleX/comments/wwfjqm/how_to_reclaim_your_server_after_resetting_your/
https://www.reddit.com/r/PleX/comments/wwf5o9/plex_website_is_down_and_preventing_password/
https://www.reddit.com/r/PleX/comments/wwje5x/i_cant_claim_server_after_password_update/
Email Correspondance
Updates
Add hotio/lsio docker instructions