A hacker is demanding payment — or Plex will find its data spread across the Internet.
Users of the Plex forum are being asked to change their passwords in the wake of a data breach which has exposed sensitive information.
Plex is a home media streaming and sharing service used to stream your collection across multiple devices including home theatres, smartphones, tablets and PCs. The popular service also offers a support forum which has been the recent victim of a cyberattack.
On July 1, the server which hosts the Plex forum and blog was compromised. Chris Curtis, a Plex engineer, said in a blog post that an attacker was able to gain access to personal data including IP addresses, forum private messages, email addresses, and encrypted (hashed and salted) passwords for forum users.
“As a precaution, we reset the plex.tv passwords of all users with linked forum accounts and reached out via email with further instructions for those affected. At this time, our forums remain offline while we complete our investigation. All other systems are online and operational.”
The engineer emphasized that Plex has “no reason” to believe any other systems were compromised, and no credit card or payment data was stored on the firm’s systems.
However, this may not be the end of the story. According to a post on the Plex Reddit forum, the alleged hacker, dubbed “savaka,” took responsibility for the attack and said they were able to “obtain all of your data, customers as well as software and files.”
“I replaced the index.php of the administrator cpanel with a nice message, but the ones in charge of your data decided that it would be pretty ‘lulzy’ to remove the message and place the original index back there,” Savaka says.
The alleged attacker is demanding 9.5 BTC before the end of the 3rd, and if no payment is made, the ransom will go up by an additional 5 BTC. If Plex refuses to comply, “the data will be released via multiple torrent networks and there will be no more plex.tv,” Savaka warns.
In addition, the hacker says they “don’t care where the BTC comes from,” and so forum members can also email Savaka with a ransom payment to prevent their data being released.
Users now must change their passwords to keep using the forum. If the account is still locked, the problem is likely to be due to a third-party app such as plexWatch — and these apps must either be disabled or the password changed in settings. In addition, if users cannot remotely access their servers after changing their password, they must locally sign in to their server again — which is not the same as logging into plex.tv.