Plex Hacker Demands Bitcoin Ransom

Bitcoin is a favorite payment method for both people who enjoy the disruptive aspect of digital currency, as well as people with less positive ideas.  After the whole Bitcoin-related ransomware debacle which has been plaguing the entire world over the past few months, the person – or collective – responsible for hacking Plex earlier this week demands a Bitcoin ransom to be paid.

Plex Services Breached, User Password Reset MandatoryPlex Media Server

Despite the amazing implementations of technology which allow us to do virtually anything over the internet, it remains crystal clear that security systems are still a work in progress.  Not only are security breaches far more common in recent years than they have ever been before, more and more major services are being – successfully – breached by hackers.

Plex is the latest in a long list of services vulnerable to hacking attempts.  The centralized server containing forum and blog information from staff members and users was hacked on July 1st.  As a result, the hacker(s) managed to obtain sensitive user information, such as passwords, email addresses and IP addresses.

After the breach had been discovered, rather quickly, the Plex team forced a password reset for all users as a precaution.  Other than the forums being kept offline for an undisclosed period of time, other Plex services remained online and operational until further notice.

It is important to note that, even though usernames and passwords have been leaked, no payment data – such as credit card information – is ever stored on the Plex servers.  All users are advised, once again, to create strong, random passwords that can not be brute forced so easily. A tool such as LastPass or 1Password will go a long way in creating completely new and secure passwords.

Demand for A Ransom Paid in BitcoinPlex Small

Even though most Plex users have managed to reset their password to a more secure one, the hacker(s) still obtained a record of customer data.  At the time of publication, a user called “Savata” claims responsibility for this breach, and if a ransom – valued at US$2,400 or roughly 9.5 Bitcoin – is not paid, all of this information will be released through the torrent network.

However, if the ransom had not been paid by July 3rd 2015 – which has not happened as far as we know – the amount would increase to US$3,700, or roughly 14.5 BTC.  Whether or not the Plex team will ever meet Savata’s demands remains up in the air, but eventually, it shouldn’t be a necessity.

According to Plex Support Engineer, Chris Curtis, all of the obtained passwords are salted, making the task of converting them to plain text that much harder.  That being said, there is always a chance for these passwords to become visible, and all Plex users are advised to update their account password as soon as possible.

Source: Tech Times

Images courtesy of Plex