Video streaming service Plex has decided to reset the passwords of its users after its systems were infiltrated by a hacker that is now threatening to release stolen information unless a ransom is paid in bitcoins.
Plex discovered that the server that hosts Plex's forums and blog was compromised on July 1 at around 1 p.m. PDT.
According to the official blog post detailing the incident, the hacker was able to acquire personal information of Plex users, such as IP addresses, email addresses, private messages and encrypted passwords in the forum of Plex.
Plex, as a precaution, decided to reset the passwords of all the Plex.tv users with linked forum accounts. The company then reached out through email to give further instructions to users that have been affected by the data breach.
The Plex forums will remain offline until the investigation on the matter is concluded, while all the other systems of the company will remain operational and online.
Plex believes that no other parts of the company's system was affected and noted that it does not store payment data such as credit card information within its systems.
A person with the username "Savata" has claimed responsibility for the data breach and has said that he will release the stolen information on torrent networks if he is not paid a ransom in bitcoins.
Savata has asked for 9.5 bitcoins, which is equivalent to about $2,400. However, Savata said that if the ransom was not paid by July 3, the amount would increase to 14.5 bitcoins, which is equivalent to about $3,700.
"I don't care who the [bitcoins] comes from as long as the payment is made: no data will be released," Savaka wrote in the ransom note.
Companies have often ignored similar attempts for extortion as this creates incentives for other hackers to try out the same thing. It will be up to Plex whether it will give in to Savaka's demands or not.
Chris Curtis, the support engineer for Plex that wrote the blog post, revealed that the passwords acquired by the hacker were salted, which is a security measure that will make it more difficult for hackers to convert the passwords to plain text.
Curtis, however, reminded Plex users to use unique and strong passwords for the online services that they use, as hackers will be trying to plug in a stolen password from one service to another to see if passwords are shared by the user among different websites.