Plex Forum Compromised (Change your Password Now!)

If you are a user of Plex, you’d better change your password now. On Tuesday the developers of the Popular Media Server have sent out an email notification reporting that the sever hosting the forums and the blog has been compromised, and consequently all the users are required to change their password.

The good news is that credit card and other payment details are safe. The bad news is that the attacker was able to gain access to IP addresses, private messages, email addresses and forum passwords.

Plex Notification

The author of the attack, a hacker with the moniker of savaka,  has demanded a ransom of 9.5 BTC (2432.38 USD). He has threatened to release all the data if the sum won’t be payed within July the 3rd (and not necessarily from Plex).

Even worse, the price is destined to go up by 5 BTC, if no payment will be made.

Hello,  My name is savaka and I like to hack things. Recentlyhttps://plex.tv/ (s) forum & website was compromised by me. I managed to obtain all of your data, customers as well as software and files. 

I replaced the index.php of the administrator cpanel with a nice message, but the ones in charge of your data decided that it would be pretty lulzy’ to remove the message and place the original index back there.

I gave them until the 3rd of this month to send 9.5 BTC to redacted or I would release all this data.

This ransom is still active and on the 3rd: if no BTC payment is made, the ransom wll go up by 5 BTC.

Eventually if no BTC payment is made, the data will be released via multiple torrent networks and there will be no more plex.tv

You can also pay me to remove your data from the content that’s going to be released by e-mailing redacted – If you send an e-mail without BTC ready to send, I will add your data to a special list.

savaka

At the time of writing, Plex has not yet released any official statement. According to a thread on Reddit, the attack has been carried on exploiting a PHP/IPB vulnerability.

Leave a Reply

%d bloggers like this: