Plex servers have been compromised, users advised to change their passwords right away. Also, attacker demanding ransom amount.
Media streaming service Plex has confirmed that its servers have been breached resulting in personal user information being compromised, the company announced via a blog post. The hacker was able to get access to users’ IP addresses, private messages on forums and email messages along with encrypted passwords.
“As a precaution, we reset the plex.tv passwords of all users with linked forum accounts and reached out via email with further instructions for those affected. At this time, our forums remain offline while we complete our investigation. All other systems are online and operational,” the company said.
The company notes that its other systems have not been affected by this hack, and further added that no payment details of users were stored in the company’s systems. For now, Plex has reset passwords and shut down its forums as a safety measure. While the company says that users with Plex.Tv passwords who have linked forum accounts will receive an email from the company with further instructions.
“Worst case (that we know of! right now!) is they reverse the hashes on your forum passwords and use them to sign into plex.tv. So please, change your plex.tv password,” said Plex co-founder Elan Feingold in a post on Reddit.
Users who use their plex.tv passwords with other Web services are advised to change their passwords right away. Meanwhile, the alleged hacker going by the alias ‘savaka’ has claimed responsibility for the breach and said he was able to get all of the company’s data along with software and files.
“I replaced the index.php of the administrator cpanel with a nice message, but the ones in charge of your data decided that it would be pretty lulzy’ to remove the message and place the original index back there,” said Savaka in the comments section of a post on Reddit forum.
He is also demanding a ransom of 9.5 bitcoins before the July the 3rd, and the ransom amount will further go up by 5 bitcoins if Plex fails to comply. He then goes on to say that “the data will be released via multiple torrent networks, and there will be no more plex.tv,” if his demands aren’t met.
He also mentioned that he “don’t care where the BTC comes from,” implying that forum members can also give the ransom amount if they want to stop their personal data being leaked through torrents.