Somewhat timely receiving a password reset email, with links in it, after the recent NPM developer 2FA phishing email..

Like, I know its legit but I'm still not going to click on the password reset link in the email and did it manually instead

dfnt:

 

Somewhat timely receiving a password reset email, with links in it, after the recent NPM developer 2FA phishing email..

 

Like, I know its legit but I'm still not going to click on the password reset link in the email and did it manually instead

 

Same, the people at Plex really should know better than to send an email with a link to click to reset passwords. 

Senecio:

 

dfnt:

 

Somewhat timely receiving a password reset email, with links in it, after the recent NPM developer 2FA phishing email..

 

Like, I know its legit but I'm still not going to click on the password reset link in the email and did it manually instead

 

 

Same, the people at Plex really should know better than to send an email with a link to click to reset passwords. 

 

"in accordance with best practice"....  or not...

hmmm, didn't get the email.... to reset or not to reset.... 

I did not get a email either. However I use google sign in so perhaps its Plex managed accounts only?

I got the email but saw it mentioned on Reddit first. I am a Plex Pass holder.

tanivula:

 

hmmm, didn't get the email.... to reset or not to reset.... 

 

Why wouldn't you reset....

signing out of all devices was a punish.  Especially trying to claim the server (lxc container in promos on a different vlan).

had to edit preferences.xml

and remove email address and set the local no auth networks 

Yeah bugger signing out of all devices, I've just changed my password and I expect that'll be enough.

davidcole:

 

signing out of all devices was a punish.  Especially trying to claim the server (lxc container in promos on a different vlan).

 

had to edit preferences.xml

 

and remove email address and set the local no auth networks 

 

Yep, my server is hosted on an nVidia Sheild TV in the comms cabinet so its a pain to reclaim a server. But done now, so my wife can watch her Great British Sewing Bee and I can go to bed safe in the knowledge that I won't be kicked out of the house.

I am pretty happy with their response to this. It's transparent and seems to have been done in a timely fashion. They are storing passwords correctly and are only advising out an adundance of caution. 

One of the better recent breach notifications. 

As long as you have humans, and an internet connection, you can't guarantee a breach won't occur. 

toejam316:

 

Yeah bugger signing out of all devices, I've just changed my password and I expect that'll be enough.

 

I just did mine today and yes you there’s a button for you to sign out of all websites in the renew password process. 

MadEngineer:

 

toejam316:

 

Yeah bugger signing out of all devices, I've just changed my password and I expect that'll be enough.

 

That’s a funky function. A password reset imho should drop/expire all active sessions. 

 

Not usually. Having said that, everyone one will have 2fa so it's done