I noticed last week that my Plex server was using a lot of CPU when I was not watching Plex. Since I almost never use it, I just killed the server process, thinking that it was running amok because of some bug.
It all became clear when I got this email last night. I was suspicious, but now I'm pretty certain that my account was exploited, and my local media was being streamed by a 3rd party.
My big fear isn't malicious library access, but that the bad actors pushed a malicious update to Plex itself and that my server is now running malicious code doing God knows what on my network.
Don't let "media manager" apps have direct read-write access to files - they tend to spew metadata all over files, and if there's a bug in the software it can corrupt your data. Doubly so for an internet-facing dependency dumpster fire like Plex. It's also worth having at least a DMZ with ingress/egress filtering for any internet-facing services such as Plex - only allow them to connect to what they need.
A filesystem which supports snapshots and rollbacks is good to have underlying your media collection as well (ZFS, BTRFS, etc.).