Plex warns of forum breach

July 3, 2015 | 11:58

Tags: #breach #hashed #hashing #insecurity #password #security #vulnerability

Companies: #plex

Popular media-streaming service Plex has warned users of its forums that a breach has leaked their personal details, including names, email addresses and hashed passwords.

In an announcement made late last night, Plex support engineer Chris Curtis warned of the discovery of a breach of the company's forum server. 'At approximately 1pm PDT yesterday (July 1st) we learned that the server which hosts our forums and blog was compromised,' Curtis explained. 'The attacker was able to gain access to some personal information, such as IP addresses, forum private messages, email addresses, and encrypted (hashed and salted) passwords for our forum users.

'As a precaution, we reset the passwords of all users with linked forum accounts and reached out via email with further instructions for those affected. At this time, our forums remain offline while we complete our investigation. All other systems are online and operational.'

Someone identifying themselves as 'savaka', posting to the Plex forums during the breach, took responsibility for the attack and claimed to have requested 9.5 Bitcoins from Plex to delete the data. The alleged attacker set a deadline of today, after which the ransom would go up by a further 5 Bitcoins. 'Eventually,' 'savaka' claimed, 'if no BTC payment is made, the data will be released via multiple torrent networks and there will be no more'

While the breach is serious, its impact is somewhat mitigated by Plex's use of industry-standard password protection: all passwords stored in the database were both hashed with a non-reversible algorithm and salted, making the process of brute-forcing them significantly more difficult.