Plex forums hacked: IPs, private messages, encrypted passwords compromised

Users of Plex’s forums are being forced to change their password in wake of a breach that resulted in the compromise of some of their private information, including passwords.

“At approximately 1pm PDT yesterday (July 1st) we learned that the server which hosts our forums and blog was compromised. The attacker was able to gain access to some personal information, such as IP addresses, forum private messages, email addresses, and encrypted (hashed and salted) passwords for our forum users,” Chris Curtis, a support engineer at Plex, explained in a blog post.

“As a precaution, we reset the plex.tv passwords of all users with linked forum accounts and reached out via email with further instructions for those affected. At this time, our forums remain offline while we complete our investigation. All other systems are online and operational.”

He reassured users that no payment data has been compromised as they do not store it on their systems.

Apparently, the person responsible for the breach has been trying to blackmail Plex and forum users into paying a determined amount of bitcoin so that the stolen data is not leaked online.

Elan Feingold, co-founder and CTO of Plex, took advantage of the reddit thread to share more details about the breach.

“The forums machine was definitely compromised, likely via PHP/IPB vulnerability. We have no reason to believe that any other parts of our infrastructure was compromised, but we’re investigating,” he stated.

He also added that the attacker “got the (salted) hashed forums passwords, which are used on plex.tv as well (single sign-on). So if the hashes are reversed, they could sign into plex.tv.”

He again urged users to change their plex.tv password to be on the safe side.