There’s been a widely discussed hack of the servers that Plex uses to host its blog and forums, but supposedly, not the servers that provide the connectivity to the Plex services. At least so far, my external access to Plex hasn’t been affected.
When I started out on the journey through Plexland, one of the concerns I had was how dependent delivery of my content would be on a 3rd party. Of course it is! I’ve always had that lingering question about Plex and how, and whether, my access to my content would be affected by a disruption of their service. So even while I’ve not looked into their architecture, I understood that should the Plex server/service be disrupted, I’d likely lose my ability to access Plex outside of my own network. It’s always a question of how much time/money/work you want to put into an effort like a media center, and there are other options, like Kodi, but Plex is amazing stuff, and for the price I paid for a “lifetime” (whatever that is these days) Plex Pass, is a great bargain if you choose to go this route!
For obvious reasons, Plex doesn’t disclose its server/network architecture, but I found this well done blog post on how Plex implemented https, but also discusses some of the other bits behind the workings of Plex.
With the explosion of internet connections both personally and professionally, our devices and connections can
probably never be considered secure, and especially so when you understand that when even a network security firm found it had been penetrated If they cannot defend their own (hopefully) highly secured network, what hope do individuals have (this is a rhetorical question)?
Yes, I did change my password. Yes, I’m watching for any ‘extra’ network activity on my Plex server.
P.S. 2015-07-06 – Plex forums are still down. No impact to me aside from having to re-log into Plex and the server, with every device. I noted that one person on Reddit mentioned disabling port forwarding. Since the hacker said he obtained IP addresses, I assume this could be those of the Plex user’s server. Since I’ve changed my password, I don’t see this as necessary and would really make me the victim of the hacker too, since I wouldn’t be able to access my server content outside my home network.