Plex: Forums Server Hacked, Data Held For Bitcoin Ramsom
Plex, the movie streaming service, has been hacked, according to a security notice posted on Plex’s blog. The security breach was discovered on Wednesday.
The good news, if you can call it that, is that it was only the server which hosts their forums and blog that was compromised. All Plex forum users are requested to change their passwords following the data breach, in which sensitive information has been exposed.
The security notice goes on to say:
“As a precaution, we reset the plex.tv passwords of all users with linked forum accounts and reached out via email with further instructions for those affected. At this time, our forums remain offline while we complete our investigation. All other systems are online and operational.
We have no reason to believe that any other parts of our system were compromised, and we never store credit card or other payment data on our systems.”
The alleged hacker, who calls himself “savaka”, according to a post on Reddit, is demanding 14.5 BTC (about 3700 US dollars). If the bitcoin payment is not made, he threatens “the data will be released via multiple torrent networks and there will be no more plex.tv”
It is feasible that the hacker could decrypt the stored passwords into the original text using password cracking tools on a powerful computer, but longer and more complex passwords, however, are more difficult to crack because it takes more time and computing power. Plus a good portion of users will have already changed their passwords.
Plex, an online service, organizes video, music and photos from personal media libraries and streams them to smart TVs, streaming boxes and mobile devices.