The Plex media player system recently announced that the server hosting its forums and blog had been compromised, and forum users’ IP addresses, private messages, email addresses, and encrypted (hashed and salted) passwords had been accessed.
The plex.tv passwords of all users with linked forum accounts have been reset in response.
“We have no reason to believe that any other parts of our system were compromised, and we never store credit card or other payment data on our systems,” the company stated in a blog post. “It’s worth taking a moment to remind everyone that it’s super important to choose strong passwords, never share them, and never re-use them on different sites. Even better, consider using a password manager like 1Password or LastPass to create unique, strong passwords for all the sites and services you visit.”
“I gave them until the 3rd of this month to send 9.5 BTC to [redacted] or I would release all this data,” Savaka wrote. “This ransom is still active and on the 3rd: if no BTC payment is made, the ransom [will] go up by 5 BTC. Eventually if no BTC payment is made, the data will be released via multiple torrent networks and there will be no more plex.tv.”
Plex CTO and co-founder Elan Feingold acknowledged that the forums server was compromised, “likely via PHP/IPB vulnerability.”
Lancope CTO TK Keanini told eSecurity Planet by email that there’s one simple lesson to learn from this breach: back up, back up, back up. “We are dealing with information so when they steal it, you still have it,” he said. “By that same token, in the case of ransom, they are holding your working data set ransom but you should have a backup copy always at the ready. This is business continuity and even for personal computing, this is personal continuity.”
And Lancope vice president of threat intelligence Gavin Reid added that breaches like these clearly demonstrate that many organizations have critically under-spent on security preparedness. “Even attacks easier to defend against have been successful,” he said. “Organizations need to invest in security maturity in basics like patching, security controls and incident detection and response.”