Media Server Plex, revealed that PLEX forums has been hacked by some unknown hackers and certain information about the user has compromised. The hackers hacked the forum and obtained IP addresses, private messages of users, their email addresses and also encrypted passwords.
Plex said in a blog post as that, the user’s passwords were encrypted and it is not an easy task for the hackers to crack the password and decipher them. As a preliminary task, Plex has done reset passwords for all of its user accounts and also shut down its forum.
In a post on Reddit, co-founder and Plex CTO Elan Feingold said,
“Worst case (that we know of! right now!) is they reverse the hashes on your forum passwords and use them to sign into plex.tv. So please, change your plex.tv password. We have no reason to believe that any other parts of our system were compromised, and we never store credit card or other payment data on our systems,”
Mainly those accounts, linked to plex.tv and the Plex forum, will receive a message from the company for further instructions.
Feingold mentioned in a statement as,
“Reversing hashes is pretty freaking complicated and unlikely though right?” one user asked. “Depends how bad your password is,”
Suppose, if you have used your plex.tv account’s password on any other Web services, it is strongly suggested to change the password as soon as possible.
Be aware, in future you may get a phishing emails asking you to enter your personal information on a few links and this would end up in hacking of your entire accounts in all Web services in this globe. In Reddit post, he mentioned that hackers were holding the personal data for ransom, and they have demanded 9.5 bitcoin by July 3, and also, the number will go up by 5 bitcoin, if no payment is made.
Hackers wrote in Plex forums that when no BTC payment is done, the entire data will be released through multiple torrent networks and there will be no more plex.tv. Feingold recommends all users to reset the password for their account and also recommends to sign for password manager like LastPass to avoid hassles.
[ Source ]