Another month and another new cyber-attack, and this time the victim is the media server company, Plex. The company revealed that its forum and blog server were compromised and the attacker gained access to personal information such as email addresses, IPs, forum private messages, and encrypted (hashed and salted) passwords of the forum users.
However, the company confirmed that no credit card or other payment data was compromised.
“We have no reason to believe that any other parts of our system were compromised, and we never store credit card or other payment data on our systems,” said Chris Curtis, a Plex engineer in the company’s blog post.
Securing the Front
As a precautionary measure, Plex has reset all Plex.TV user passwords that were linked with forum accounts and emailed further instructions to the affected users. The forum has also been shut down for investigation.
In a post on Reddit, CTO and cofounder of Plex, Elan Feingold said that “We’re still investigating, but he/she got the (salted) hashed forums passwords, which are used on plex.tv as well (single sign-on). So if the hashes are reversed, they could sign into plex.tv.Change your plex.tv password for sure (and now would be the time to make it unique/strong as well).”
Plex.TV subscribers that use the same passwords for other web services should change their log in credentials immediately. Another rule of thumb is to never entertain any email asking you to provide personal information or to click on links, as these could be phishing emails, even if they seem to have been sent from social media websites.
Why Attack Plex?
The intention behind this attack is evident, as the hacker dubbed “savaka” has demanded for a ransom of 9.5 bitcoins (around $2,400). If not paid, the attacker warned that the number would increase by 5 bitcoins (around $1270) and made the consequences of not paying very clear.
“Eventually, if no BTC payment is made, the data will be released via multiple torrent networks, and there will be no more plex.tv,”, the hacker wrote on the Plex forums.
While Feingold confirmed the news on Reddit, he hasn’t addressed the ransom part yet.
So how do you secure your personal information from such cyber-attacks? Let us know in the comments below.
- Plex servers compromised and held for ransom - July 10, 2015
- MasterCard is testing a treat for selfie lovers - July 7, 2015
- Amazon launches new plan to pay some authors based on number of pages read - July 6, 2015