Streaming service Plex's forums have been hacked, and the hacker is holding the data ransom in exchange for Bitcoin. Plex has announced that the hacker was able to gain access to IP addresses, email addresses, hashed and salted passwords as well as private message. Payment information is not stored on Plex's servers, so that information is still secure.
The streaming service refused to pay the ransom, and has reset the passwords of all affected users. Plex uses a SSO (single sign-on) authentication, so if the hacker were to reverse-engineer the hashed passwords, he or she would be able to gain access to a user's Plex.tv account as well.
The hacker posted about his exploits on Reddit:
I gave them until the 3rd of this month to send 9.5 BTC, or I would release all this data. This ransom is still active and on the 3rd: if no BTC payment is made, the ransom wll go up by 5 BTC. Eventually if no BTC payment is made, the data will be released via multiple torrent networks and there will be no more plex.tv
You can also pay me to remove your data from the content that's going to be released - If you send an e-mail without BTC ready to send, I will add your data to a special list.
Plex confirmed the hack on its official blog, stating that it was looking into the issue:
At approximately 1pm PDT yesterday (July 1st) we learned that the server which hosts our forums and blog was compromised. The attacker was able to gain access to some personal information, such as IP addresses, forum private messages, email addresses, and encrypted (hashed and salted) passwords for our forum users. As a precaution, we reset the plex.tv passwords of all users with linked forum accounts and reached out via email with further instructions for those affected. At this time, our forums remain offline while we complete our investigation. All other systems are online and operational.
If you're a Plex user, we suggest you go ahead and change your password. Be sure to create a strong password that is unique to the service so that it doesn't compromise your account security on other websites. We'll update the article once we have more information.
We may earn a commission for purchases using our links. Learn more.
New Microsoft Edge begins automatic rollout for Release Preview Insiders
Microsoft today started automatically rolling out the new Microsoft Edge to Windows Insiders in the Release Preview ring. This is the first step in a process that will see the old Edge replaced automatically for everyone.
Windows Central app picks up login fix, new icon in latest update
If you've had trouble logging in with the Windows Central app for Windows 10, the issue is now fixed with the latest update. This release also adds new icons and cleans up some of the news categories.
Oculus acquires 'Asgard's Wrath' developer Sanzaru Games
Sanzaru Games is joining Oculus Studios, a press release has just confirmed. This comes a couple of months after Facebook and Oculus just acquired Beat Games.
Don't keep buying AAA batteries, go rechargeable!
Running out of batteries is both inconvenient and annoying, but if you grab yourself a set of these great rechargeable ones, you'll never have to worry about that again.