Video streaming service - Plex has reset client passwords, after it was breached by a hacker, who debilitated to discharge stolen information unless he's paid a payoff.
On Wednesday, Plex found that a server hosting its blog, and forum had been compromised, as stated by Chris Curtis - a Plex support engineer, in a blog post. The hacked data incorporates email addresses, IP locations, and private discussion messages, from when encoded passwords were recovered by the firm.
Someone going by the handle - Savata claimed Responsibility for the breach, and threatened to release the hacked data on torrent networks, if a ransom wasn’t paid in bitcoins.
According to a copy of the message posted on a source, Savata asked 9.5 bitcoins (US$2,400) for the ransom amount; yet wrote that the amount would increase to 14.5 bitcoins, if the company fails to pay till Friday. Further, Savata added that he didn’t care, who the BTC originates from as long as the payment is made: no data will be released.
Firms regularly overlook such coercion endeavors, as it creates an incentive for different cybercriminals to try the same ploy.
Curtis said that the passwords were salted, a security measure, which encrypts it harder for hackers to change them back into plain text. Payment card data was not uncovered, he wrote, and Plex had no reason to accept that any other parts of their framework were compromised.
He reminded clients they ought to pick strong and unique passwords for each online service they use. Hackers frequently attempt to check; whether a leaked password will unlock other Web services, since individuals tend to reuse the same ones.
It is possible to change encrypted passwords into the original text by using password cracking tools. Long and complex passwords; however, are more impervious to cracking, since it takes additional time and computing power.