Quick PSA this morning, folks: Plex, the multimedia server that lets you stream your digital content to most internet-connected devices, had its servers compromised. The company fell victim to an attack on its blog and forums server, which, if your Plex account is linked to it, exposes your account’s password (which is stored hashed and salted in a form that’s tough to crack).
That’s comforting, but the company will still require you to change your password, and you’ll want to do it as soon as possible. Apparently they will only ask you to change your password if you’ve ever linked your Plex.tv account with your forum account, but we’d change passwords even if you don’t fall under that category. Also consider changing your password for other services if you happen to use the same one (which you shouldn’t be doing, by the way).
Plex was clear to note that other sensitive customer information — such as your payment and billing information — exists on an entirely different server and hasn’t been compromised in any way. We sure hope so.
[Update]: Well, things are about to get interesting. We’ve uncovered a message from the malicious hacker left on the server. It was since removed by Plex, but a cached version of Plex’s website still shows the goods.
The culprit apparently wants ransom. It’s simple: someone forks over 9.5 bitcoins (about $2,400) or all the data the hacker stole will be released for anyone to see. If it doesn’t happen by July 3rd, they’ll ask for another 5 bitcoins. And if no one comes through? They say they’ll simply release the data anyway, and allege that “there will be no more Plex.tv.”
We’re not sure how strong that claim is, as Plex’s forums and blog systems are supposedly on an entirely different server than the one they use for payments and infrastructure, so we’ll have to wait and see what happens either way.
The no-gooder also suggests they’ll remove an individual’s data from the database as long as that individual pays, though we’d strongly advise against doing that. In the meantime, just be sure to change those passwords like Plex recommends and hope for the best.
Change your PayPal password too if you used PayPal to pay for any Plex services.
Hopefully they find the hacker and toss him in jail.
Bwaa haa haaa.. yeah, when has that ever happened? Target, Sony, Home Depot, Adobe – no one gets caught. If you have the skill to hack on this level, you have the skill to evade. And it helps if you are not even in the USA.
I didn’t say it was likely; I was just being hopeful. I’d rather other things were done to him… since Plex is a service I really enjoy.
Also, almost anything is possible if an effort is applied.. look what happened to the guy from the Silk Road. But I doubt the US government cares about corporations that don’t give them much in return.