by owlbynight 1400 days ago
I like that they're up front about this. Solved the problem in a couple of minutes.

I use a password manager with a very long randomly generated password for everything, so a hashed password leaking is essentially meaningless to me. Notifying me immediately so that I can change it ASAP is what matters.

The burner e-mail I use for stuff like this is listed in 25 other data breeches, too. I don't really care. Plex is amazing software.

I don't really understand the freak outs here.

3 comments

You're being a bit generous with credit to them. We have no idea how long the malicious actors had access (nor do they, it seems), nor what depth of access they had. I turned off my server until they have had a chance to verify that no malicious software updates have been pushed.

With regard to complex passwords, Plex is one of those accounts where using a random password is quite cumbersome, since my kids and I are often connecting new devices that don't access the password manager. We also use it on smart TVs while on vacation. We use a unique, but simple to remember password.

The problem with Plex is that they force you to use cloud auth even if you self-host, despite that not being necessary at all for the many of us who self-host. I don't have any other server I host that requires this. The local LAN login they claim works without auth doesn't work for most devices nor across subnets.

It means I can't access Plex when the ISP is down and it means Plex sees my library and my kids' activity (which I don't like for privacy reasons), despite having paid for lifetime Plex before this was a requirement.

Think about Plex as a business that may very likely get acquired one day by a large media corporation. What happens to my data then? Will they ask me to verify my ownership of content I host(ed)? They are already pushing commercial "free" content to my kids, which is exactly what I was trying to get away from.

I've switched to using Jellyfin and I've never looked back.

kodi.tv doesn't require any account either. The 2TB SSD I have connected to the RPI hosting it works as a good enough media server for my whole network. I love the unique channels and the ability to stream Newpipe from phone to it. I might try Jellyfin to learn its features.

Not sure how you've set up Kodi; however, I switched from Kodi to Jellyfin about a year ago.

I purchased a low powered computer with a Celeron N5100 (sorry I might have the model wrong) but I was looking for something that could support and transcode modern video formats in hardware, and connected my external drives too. From there I was able to install Jellyfin, then the Jellyfin clients on all my devices (TV, Phone, iPad etc).

It seems to work really well, especially when exposing the server to the internet using nginx, an SSL certificate, DNS and a dynamic DNS provided by my Asus router. Unsure of the security of this or how to harden it -> VPN might be better for more security conscious people.

You mention you like the unique channels and the Newpipe feature, I don't think any of this is available in Jellyfin, it doesn't seem to be very customisable at all with the exception of a limited list of plugins.

> often connecting new devices that don't access the password manager

Isn't that what plex.tv/link is for?

There is no need for a "complex password"; just use a passphrase and don't reuse it.

It's still annoying to type on a TV OSD keyboard by cursor.

> I don't really understand the freak outs here.

Because most people reuse the same email address and password, and are potentially way more exposed than you are.

I find it hard to believe that most people on HN reuse the same e-mail and password. That practice has always been known to be stupid. There's a whole thing about it in the movie Hackers... from 1995.

In 2022, your data isn't safe. It's widely known your data isn't safe. You need to take steps to make it matter less when it's mishandled.

Don't get me wrong, the Plex infra team should feel bad about themselves, but if this breach in any way compromises anything else in your life other than your media center -- and if your hashed password gets cracked -- then that's on you in my opinion.

What's the best way to use unique emails? I get that Apple has the 'Hide my Email' feature but it's not clear to me how to best use it, especially outside of Apple, i.e., where do I find a list of emails that it's created for me and what they were used for?

Temporary email services don't seem helpful either if you need to go through password reset processes or receive emails after the address has been removed.

Do people just use custom domains with catch-all addresses? Is this really the best way?

Disclosure: I work at 1Password.

I used to use a catchall with my domain, but now I use our masked email feature. You need a 1Password account, and for Fastmail to be your host.

https://1password.com/fastmail/

Depending on your settings, you can use your own domain (which is portable, but less anonymous) or you can generate *@fastmail.com addresses.

There are email alias services such as anonaddy.com or SimpleLogin.io doing the same thing Hide My Email is doing.

To answer your specific question about finding the email addresses you have created via HideMyEmail:

- open Settings
- tap your username/name at the top of Settings
- tap iCloud
- tap Hide My Email
- you can look for any emails or matches you want

Plus, even if my password isn't exposed, I don't appreciate when my email address is exposed, or I have a username able to be linked to an email address.

Now, should I have been smarter and used a burner email address and username unique to Plex? Definitely. But I signed up with them like 10 years ago.

Yeah, the OP reads more like they understand exactly what the freak out is about.

> data breeches

First I thought of the pants that the crew of the Enterprise wear and second was the diaper thing that the monkey you use to save in Mega Man Legends wears[0].

(As an aside, an image search for "data star trek" will have you believing that he does not wear pants on that show.)

[0] https://duckduckgo.com/?t=ffab&q=data+mega+man+legends&atb=v...