Plex is an incredibly useful service that, among other things, allows users to essentially create their own Netflix or Spotify using the movies, songs, and television shows that they’ve downloaded (legally or illegally). Unfortunately, the reason that Plex is making the news this week isn’t because of its usefulness, but because a hacker has managed to get their hands on some important data and is currently holding it for ransom, demanding a Bitcoin payment in exchange for returning the stolen data.
A hacker recently infiltrated the server hosting media service Plex’s forums and blog and is holding the compromised data at ransom. The hacker demanded payment of 9.5 Bitcoins (around $2,400) by July 3 (today). If no payment was made, the ransom would increase by five Bitcoins, the attacker said. If Plex fails to comply, all stolen data will be released via multiple torrent networks and “there will be no more Plex.” Plex addressed the issue in a blog post, saying they first learned of the security breach on July 1 at around 1pm PDT. The attacker was able to gain access to some personal information including IP addresses, forum private messages, e-mail addresses and encrypted (hashed and salted) passwords from forum users. There’s no reason to believe that any other parts of their system was compromised. Credit card and other payment information isn’t stored in their systems, Plex added. As a precaution, Plex reset the plex.tv passwords of all users with linked forum accounts and has reached out via e-mail with further instructions for those impacted by the breach.