We have recently experienced a security incident that may potentially involve your Plex account information. We believe the actual impact of this incident is limited; however, action is required from you to ensure your account remains secure. What happened An unauthorized third party accessed a limited subset of customer data from one of our databases. While we quickly contained the incident, information that was accessed included emails, usernames, securely hashed passwords and authentication ...
I mean, that’s fine, but it’s still an issue and a risk that would cause me to want to use VPN for remote viewing. It doesn’t seem like security is Jellyfin’s priority at the moment, not that it’s Plex’s either, but it’s not to a place where it’s worth it to switch from a security standpoint, personally.
Plex has a whole team dedicated to security. It’s obviously not perfect and it is a larger attack surface than Jellyfin, but I’ll take that any day over devs who treat security as an afterthought
You mean the security team that got pwned here?
What about the pwned users of Jellyfin that have unknowingly had security holes for 5 years because Jellyfin doesn’t care enough to even put a banner in their settings to say it’s not secure?
Still better to have a team to react to this incident than just have them shrug and ignore it for 5 years