this post was submitted on 07 Dec 2025
357 points (96.9% liked)
Technology
77084 readers
2758 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The security thing is ironic because my personal Jellyfin server (nor anything else on it) has been hacked, but Plex itself has had their database leaked recently. It's actually the main reason I switched because I don't like their auth servers being a giant common target. (Also, technically it theoretically means Plex employees can just let themselves in to people's private servers)
From their blog post about it:
The passwords were hashed and, I'm inferring from their language, salted per-user as well. Assuming a reasonable length password (complexity doesn't matter much here, what we want is entropy) it would take a conventional (i.e. not quantum) computer tens to hundreds of millions of years to crack one user's password.
Yeah, I'm not really worried about it. I changed my password and moved on. It's just that hackers have every reason to try and exploit Plex, while individual servers are hardly worth someone's time and effort to go after when the payoff is maybe 1-2 usernames and emails