PlexMobile_512x512

Plex.TV Forums Have Been Hacked – Change Your Password

PlexMobile_512x512

 

Update: We have been contacted by the Plex with the following statement: 

“I can confirm the server which hosts our forum and blog was compromised. After investigating, all evidence points to it being limited to this server.

For the record, credit card and other payment data are not stored on our servers at all.”

A few hours ago a hacker posted claiming to have hacked the Plex Forums. The hack has been confirmed by Plex staff but the full extent of the hack is unknown at this time. “We’re investigating. The forums machine was definitely compromised, likely via PHP/IPB vulnerability. We have no reason to believe that any other parts of our infrastructure was compromised, but we’re investigating.”

Here is a copy of the message posted claiming responsibility for the hack:

Hello,

My name is savaka and I like to hack things. Recently https://plex.tv/ (s) forum & website was compromised by me. I managed to obtain all of your data, customers as well as software and files.

I replaced the index.php of the administrator cpanel with a nice message, but the ones in charge of your data decided that it would be pretty lulzy’ to remove the message and place the original index back there.

I gave them until the 3rd of this month to send 9.5 BTC to redacted or I would release all this data.

This ransom is still active and on the 3rd: if no BTC payment is made, the ransom wll go up by 5 BTC.

Eventually if no BTC payment is made, the data will be released via multiple torrent networks and there will be no more plex.tv

You can also pay me to remove your data from the content that’s going to be released by e-mailing redacted – If you send an e-mail without BTC ready to send, I will add your data to a special list.

savaka

P.S I don’t care who the BTC comes from as long as the payment is made: no data will be released.

Currently the Plex forums and blog is down. The site and service remains up and Plex has said they are unsure how far the hack has went.

It is suggested that you change your password on any service that uses the same email/username and pass word you used on Plex. You should also change your password on Plex.TV.

We have reached out to our contact at Plex for comment and will update this story when we know more.

Please follow us on Twitter and Facebook for more updates.

Disclaimer: To address the growing use of ad blockers we use affiliate links to sites like Amazon.com and others. Affiliate links help sites like Cord Cutters News, LLC stay open. Affiliate links cost you nothing but help us support our families.

2 Responses to Plex.TV Forums Have Been Hacked – Change Your Password

  1. Avatar
    from plex July 2, 2015 at 2:35 am #

    Dear Plex User,

    Sadly, we became aware this afternoon that the server which hosts our forums and blog was compromised. We are still investigating, but as far as we know, the attacker only gained access to these parts of our systems. Rest assured that credit card and other payment data are not stored on our servers at all.

    If you are receiving this email, you have a forum account which is linked to a plex.tv account. The attacker was able to gain access to IP addresses, private messages, email addresses and encrypted forum passwords (in technical terms, they are hashed and salted). Despite the password encryption measures, we take your privacy and security very seriously, so as a precaution, we’re requiring that you change your password.

    Be sure to choose a strong password, never share it, and never re-use passwords for different accounts! Even better, use a password manager (1Password, for example) to manage a unique password for you. Access to your Plex account will be blocked until you do so.

    Please follow this link to choose a new password.

    We’re sorry for the inconvenience, but both your privacy and security are very important to us and we’d rather be safe than sorry!

    We will post more detailed information on our blog shortly. Thanks for using Plex!

    The Plex Team