For Plex accounts created before March 20, 2025, we require your consent to sell your personal data as described in our Privacy Policy. You can always adjust your share/sell preferences <here>.
For Plex accounts created before March 20, 2025, we require your consent to sell your personal data as described in our Privacy Policy. You can always adjust your share/sell preferences <here>.
“Hashed emails”. Besides the fact that they can match up a hash from one source to a hash from another source to link them to the same person (they never said they’d salt them), emails often have enough predictability to break the hash. Assuming they all end in “@gmail.com”, “@outlook.com”, or “@yahoo.com” will get you the vast majority of emails out there. Unlike a good password scheme, people don’t shove a lot of random data into their email addresses.
The hash:
liamg@9696yddadgib
Was about to say this.
I saw a small-time project using hashed phone numbers and emails a while ago, where assume stupidity instead of malice was a viable explanation.
In this case however, Plex is large enough and has to care about securiry enough that they either
did this on purpose to make it sound better, as a marketing move,
did not show this to their security experts,
or chose to ignore concerns by those experts and likely others (turning it into the first option basically)
There is no option where someone did not either knowingly do or provoke this.