Plex has been hacked. Most users probably already know by now but it's a good opportunity to again promote the use of a password manager and use 2 factor Authentication wherever possible.
Doesn't look like much can happen with the info as they just got emails, usernames and passwords (which were hashed with salt and pepper). For more info
That's where the password manager comes in. I don't know 99%+ of my passwords. Sometimes it's annoying but the annoyance is trivial compared to having to deal with the issues that arise from someone obtaining an important email/password combination that you have reused or slightly changed from another website.
Nekkminut password manager gets hacked.
They typically can't be hacked in the traditional sense, as the master password is not stored by the provider and the 'vault' is encrypted with the master password.
Encryption can't be defeated yet, so an attacker needs to get your master password through phishing etc in order to access your vault. if you have 2-factor also enabled thats an additional security layer.
@Keplaffintech: There are a few extra layers that you can add on top to protect yourself. You can limit where you can log on from. You can add hardware authentication devices like Yubikeys. My regime is can be pretty annoying but it's better than the alternative.
Just not having to remember passwords should be reason enough to have a password manager. When I try to play games with my mates (who aren't avid gamers and don't login very often) they spend half an hour trying to login because they can't remember their passwords for the different portals.
I mean having your Plex hacked is not the biggest deal in the world… Oh no someone might be able to stream my movie collection!!!
Even if they were able to get into the passwords which I don't think they can, it's more about people reusing email and password combinations somewhere else more important.
If you have Plex Pass they could theoretically change your password and email address then sell the account off to someone.
But more likely if they did manage to decrypt the passwords, they'd try using the login combination on other websites and hope for reused passwords as OP said.
you can also delete files from within Plex..
Copyright owners getting back?
.
Also don't repeat passwords.