Plex Media Server Was Hacked Demanding 9.5 Bitcoins, The Company Prompts Its Users To Change Their Passwords
The widespread application that authorizes users to manage and stream media collections to devices, Plex, has been hacked demanding 9.5 bitcoins to reserve the stolen data. The software suite is now directing customers to modify their passwords since the hacker had penetrated one of their servers.
Plex is guiding the users through an email to change their password. Consequently, upon visiting the site with a disrupted account, you will be instantly relayed to change the password immediately, detailed in Lifehacker.
The affected server comperes forums and blog. The hacker obtained an access to IP private messages, addresses, email addresses and passwords. However, it is good to know, that credit card and further reimbursement data is not stored on Plex's servers.
As Plex practices single sign-on (SSO) technology, the hacker can exploit the forum passwords to access Plex.tv accounts too, supposing he can break the hashes. To this point, Plex is definite that the server which is only hosting the forum has been cracked, though an examination is still rolling.
The forum engine was prospected ruptured by manipulating a weak spot in PHP or the Invision Power Board or IPB forum software, Elan Feingold, the co-founder of Plex, remarked on Reddit. Feingold also mentioned that the Plex.tv packet is organized on a split machine.
The attacker, covering up as "savaka" wrote a message on the hacked Plex online forum asserting that he has acquired customer's personal data, software and archives. Savaka is demanding Plex to give him 9.5 Bitcoins which approximately is costing $2,400 on an identified address up until July 3. He's creeping up to drip all the filched data if they did not congregate with his requests.
The hacker stated in the forum, "This ransom is still active and on the 3rd: if no BTC payment is made, the ransom will go up by 5 BTC. Eventually if no BTC payment is made, the data will be released via multiple torrent networks and there will be no more plex.tv. You can also pay me to remove your data from the content that's going to be released by e-mailing redacted
- If you send an e-mail without BTC ready to send, I will add your data to a special list," stated in Cord Cutter News.
At this time, the forum has been shut down as this unscrupulous case happened. However, the official website and service is still under control as Plex is uncertain how far the drudge has gone.