The media organisation and streaming server software, known as Plex, got hit by a hack attack on July 1st. The attacker gained control of the server that hosted Plex’s blog and forums, leaving users’ emails and hashed passwords at risk.
Plex at an official security notice later that day, wrote that the attackers managed to gain access to users’ IP addresses, usernames, hashed passwords and private messages. Although passwords are hashed and salted, thus making attempts to crack them almost unworthy, Plex as a precaution reseted all of its users passwords and reached out via email with further instructions for those affected.
The attacker, calling himself as “savaka“, made a post at Plex’s forums claiming that he is keeping the data and is not going to release them if a payment of 9.5 BTC (bitcoins) (2,522 USD) was made by the July 3rd. If the payment wasn’t made by that day, the ransom would go up by another 5 BTC and eventually if Plex still wouldn’t pay the ransom, users data would be released via big torrent networks. (Editor’s Notice: Plex’s forums are still down and Google’s website caching feauture is not working but Redditor onedr0p, made a copy of the post on Plex’s subreddit.)
Plex denied paying the ransom but to this day no data release has yet happened.
Savaka added that individual users could also pay them to be redacted from the content that is going to be released.
Plex claims that there is no reason to believe that any other services were hacked and they made sure to reassure clients that credit card data are not stored in their servers so financial information should be safe.
Plex’s forums will be down while the team is continuing its investigation. In a comment on onedr0p’s reddit post, a Plex representative claimed that the attacker probably managed to gain access because of a PHP vulnerability.