Jul 2nd, 2015

plex logo banner 1

Quick PSA this morning, folks: Plex, the multimedia server that lets you stream your digital content to most internet connected devices, had its servers compromised. The company fell victim to an attack that fell on their blog and forums server, which — if your Plex account is linked to it — exposes your account’s passwords (which is stored in a hashed and salted algorithm that’s tough to crack).

That’s comforting, but the company will still require you to change your password, and you’ll want to do it as soon as possible. Apparently they will only ask you to change your password if you’ve ever linked your Plex.tv account with your forum account, butt we’d change passwords even if you don’t fall under that category. Also consider changing your password for other services if you happen to use the same one (which you shouldn’t be doing, by the way).

Plex was clear to note that other sensitive customer information — such as your payment and billing information — exists on an entirely different server and hasn’t been compromised in any way. We sure hope so.

[Update]: Well, things are about to get interesting. We’ve uncovered a message from the malicious hacker left on the server. It was since removed by Plex, but a cached version of Plex’s website still shows the goods.

The culprit apparently wants ransom. It’s simple: someone forks over 9.5 bitcoins (about $2,400) or all the data the hacker stole will be released for anyone to see. If it doesn’t happen by July 3rd, they’ll ask for another 5 bitcoins. And if no one comes through? They say they’ll simply release the data anyway, and alleges that “there will be no more Plex.tv.”

We’re not sure how strong that claims is as Plex’s forums and blog systems are supposedly on an entirely different server than the one they use for payments and infrastructure, so we’ll have to wait and see what happens either way.

The no-gooder also suggests they’ll remove individual data from the database as long as they pay, though we’d strongly advise against doing that. In the meantime, just be sure to change those passwords like Plex recommends and hope for the best.

[via Lifehacker]