Plex

Plex, a popular application that its users use to organize and stream their media collection across devices, was reported to have been hacked in July 2015. The discussion forum for the application’s media center was hacked, and more than 327,000 accounts were exposed. According to the reports from Security Week, the attacker used the online moniker “Savaka” to post a message on the hacked Plex forum. The message claimed that the hacker had obtained the customer data, files, and software. The hacker demanded a ransom that was to be paid by Plex in the form of Bitcoin that is roughly $2,400. The responsible threatened to leak the data by way of “multiple torrent networks” if the demand was not met.

Elan Feingold, who is Plex co-founder and CTO, conformed the hacking noting that the forum’s machine had been compromised most probably via PHP/IPB vulnerability. It was also reported that the hacker did not gain full access o Plex systems indicating that the user’s personal data and other payment data were safe. The company noted that the compromised data included email addresses, IP addresses, usernames, and passwords. Even though the passwords were encrypted, each user was requested to change them. He, however, did not address the ransom issue on Reddit. He went ahead and confirmed it in his blog post. Elan went ahead and advised users to sign up for a password manager like 1password or LastPass.

The company also reported that investigations were ongoing, and it will post results on its website once the investigations are complete. Plex also confirmed the incident in an apologetic blog it sent to its users. The blog confirmed that the incident took place at approximately 1 PM PDT on the 1st of July. The blog stated that the server that hosts Plex forums and blogs had been compromised. The hacker managed to gain access to user’s personal information such as IP addresses, forum private messages, email addresses together with hashed and salted passwords. Plex took precautions and reset the plex.Tv passwords that belonged to users that had linked forum accounts. The forums were put offline to enable investigations.

Plex also took the moment to advise its users on the importance of choosing strong passwords and keep them as a secret. It also noted that it is important to avoid re-using passwords on different sites. Reused passwords on various sites make it easier for criminals to utilize the stolen credentials to sign into a targeted system. Passwords are the most common point of intrusion for criminals because default passwords are not changed or week. Plex.tv users who use Plex.Tv password on any other sites was asked to change and make it stronger. The users were also asked to be cautious of any phishing emails that request the user to click on links or provide personal information.

The Plex passwords were hashed and salted, but if the hacker had managed to decrypt them, then there would be wider implications. Criminals automate attacks using stolen username/password combinations to determine what else they can gain access.

References
Media Server Company Plex Hacked – Forum Servers Affected, But Payment Info Safe
www.itgovernanceusa.com/blog/digital-media-streaming-service-plex-hacked-forum-held-for-ransom/
www.pcmag.com/article2/0,2817,2487212,00.asp