Plex's forums hacked, user data being held ransom

Streaming service Plex's forums have been hacked, and the hacker is holding the data ransom in exchange for Bitcoin. Plex has announced that the hacker was able to gain access to IP addresses, email addresses, hashed and salted passwords as well as private message. Payment information is not stored on Plex's servers, so that information is still secure.

The streaming service refused to pay the ransom, and has reset the passwords of all affected users. Plex uses a SSO (single sign-on) authentication, so if the hacker were to reverse-engineer the hashed passwords, he or she would be able to gain access to a user's account as well.

The hacker posted about his exploits on Reddit:

I gave them until the 3rd of this month to send 9.5 BTC, or I would release all this data. This ransom is still active and on the 3rd: if no BTC payment is made, the ransom wll go up by 5 BTC. Eventually if no BTC payment is made, the data will be released via multiple torrent networks and there will be no more plex.tvYou can also pay me to remove your data from the content that's going to be released - If you send an e-mail without BTC ready to send, I will add your data to a special list.

Plex confirmed the hack on its official blog, stating that it was looking into the issue:

At approximately 1pm PDT yesterday (July 1st) we learned that the server which hosts our forums and blog was compromised. The attacker was able to gain access to some personal information, such as IP addresses, forum private messages, email addresses, and encrypted (hashed and salted) passwords for our forum users. As a precaution, we reset the passwords of all users with linked forum accounts and reached out via email with further instructions for those affected. At this time, our forums remain offline while we complete our investigation. All other systems are online and operational.

If you're a Plex user, we suggest you go ahead and change your password. Be sure to create a strong password that is unique to the service so that it doesn't compromise your account security on other websites. We'll update the article once we have more information.

Source: Reddit, Plex

Harish Jonnalagadda
Senior Editor - Asia

Harish Jonnalagadda is a Senior Editor overseeing Asia for Android Central, Windows Central's sister site. When not reviewing phones, he's testing PC hardware, including video cards, motherboards, gaming accessories, and keyboards.