Plex hacked

Caporegime
Joined
6 Dec 2005
Posts
37,831
Location
Birmingham
Forum account details were obtained, because of their single sign link this means Plex.tv accounts as well.


If you log into Plex.tv you will be prompted to change your password. :)



IMPORTANT SECURITY NOTICE

Dear Plex User,

Sadly, we became aware this afternoon that the server which hosts our forums and blog was compromised. We are still investigating, but as far as we know, the attacker only gained access to these parts of our systems. Rest assured that credit card and other payment data are not stored on our servers at all.

If you are receiving this email, you have a forum account which is linked to a plex.tv account. The attacker was able to gain access to IP addresses, private messages, email addresses and encrypted forum passwords (in technical terms, they are hashed and salted). Despite the password encryption measures, we take your privacy and security very seriously, so as a precaution, we're requiring that you change your password.

Be sure to choose a strong password, never share it, and never re-use passwords for different accounts! Even better, use a password manager (1Password, for example) to manage a unique password for you. Access to your Plex account will be blocked until you do so.

Please follow this link to choose a new password.

We're sorry for the inconvenience, but both your privacy and security are very important to us and we'd rather be safe than sorry!

We will post more detailed information on our blog shortly. Thanks for using Plex!

The Plex Team



The 'hackers' message.

Hello,

My name is savaka and I like to hack things. Recently https://plex.tv/ (s) forum & website was compromised by me. I managed to obtain all of your data, customers as well as software and files.

I replaced the index.php of the administrator cpanel with a nice message, but the ones in charge of your data decided that it would be pretty lulzy' to remove the message and place the original index back there.

I gave them until the 3rd of this month to send 9.5 BTC to redacted or I would release all this data.

This ransom is still active and on the 3rd: if no BTC payment is made, the ransom wll go up by 5 BTC.

Eventually if no BTC payment is made, the data will be released via multiple torrent networks and there will be no more plex.tv

You can also pay me to remove your data from the content that's going to be released by e-mailing redacted - If you send an e-mail without BTC ready to send, I will add your data to a special list.

savaka

P.S I don't care who the BTC comes from as long as the payment is made: no data will be released.
 
I'm only on the free subscription, if he wants the box set of "It aint half hot mum" which is the only thing I have, he is welcome to it.
 
I got the prompt.

I had a 20 character generated password from KeePass so I don't think it's based on the complexity of your previous password.

Even if you don't get a prompt i'd be inclined to change it - and get a password manager if you haven't already.
 
Never touched the forum but password changed anyway. It was a leftofter simple password from before everything was getting a unique one stored in a keepass file anyway so it was overdue.
 
I thought PLEX was something for EVE. What is this magic you discuss?

It's a media streaming system that allows you to access your media anywhere in the world or out of your home you can also use it as a media centre at home. What's great about it is that it can transcode the stream to allow for lower bandwidth, you can stream it anywhere, it's really useful. :)
 
So... is the encryption on the passwords feasible to break or are you changing passwords just because you had a simple one someone could break with a password list.
 
Great, hacked and they didn't even tell me. At least I have nothing on my account to do with payment details :o
Just wondering if they actually have the passwords or the encrypted password database?
 
So... is the encryption on the passwords feasible to break or are you changing passwords just because you had a simple one someone could break with a password list.

gpus can break encryption pretty fast compared to a cpu.

Never know what is feasible anymore
 
Back
Top Bottom