Video streaming service Plex has disclosed that its forums were hacked and some user information were compromised. On July 1, the company found out that a server hosting its blog and forum had been compromised.
Plex said in a blog post that the hacker was able to stole private information of users of Plex, such as encrypted passwords, private messages, email addresses and IP addresses. However, it will possibly be not easy for the hacker to decipher passwords as they were encrypted.
As a precautionary measure, Media server Plex has shut down its forums and reset passwords of Plex.tv users with linked forum accounts, Tech Times reported. The company has sent emails to all forum users to change their passwords.
A person with the nickname 'Savata' has claimed responsibility for the breach and has said that he will release the stolen data on torrent networks if a ransom is not paid. The hacker has demanded 9.5 bitcoins (US$2,400).
Companies have frequently ignored such attempts for extortion as this creates incentives for other cybercriminals to try out the same thing.
According to Plex support engineer Chris Curtis, the passwords stolen by the hacker were salted, which is a security measure that will make it more difficult for cybercriminals to convert the passwords back into plain text.
Curtis said that Plex users should use powerful and unique passwords for the online services that they use. Cybercriminals often try to see if a stolen password will unlock other Web services, since users have a tendency to reuse the same ones.
The Plex forums will stay offline until the investigation is completed, while all the other systems of the Plex will remain online and operational.
According to Plex, no other parts of the company's system was affected. Moreover, the company does not store payment data within its systems.