Hacker Savaka Blackmails Plex for Bitcoin Ransom
Users of the Plex media server and home theater software with forum accounts needed to change their passwords this morning. The change comes following an announcement from the company alerting users to a hack that compromised email address, messages and passwords. The hacker exploited a PHP vulnerability and is currently blackmailing Plex and their users – demanding a payment in bitcoin to prevent releasing the private information.
I gave them until the 3rd of this month to send 9.5 BTC to redacted or I would release all this data. This ransom is still active and on the 3rd: if no BTC payment is made, the ransom wll go up by 5 BTC – Savaka wrote in a letter claiming responsibility.
Eventually if no BTC payment is made, the data will be released via multiple torrent networks and there will be no more plex.tv
You can also pay me to remove your data from the content that’s going to be released by e-mailing redacted – If you send an e-mail without BTC ready to send, I will add your data to a special list.
At 4PM yesterday, July 1st, Plex learned that their blog and forum server was compromised. A hacker going by the handle Savaka claimed responsibility. The hacker obtained access replacing the index.php of the cPanel web host administrative control panel. Savaka possess user emails, messages and their salted and hashed passwords.
Aside from their blog post and emails alerting users to the breach nothing more has been heard from Plex or Savaka. Fortunately, Plex acknowledged there is no reason to believe that any payment or credit card information is compromised. Those parts of the system are hosted separately from their forum and social media platforms. However, some Plex users reported receiving emails their accounts had been locked due to too many unsuccessful login attempts. Reddit has been the unofficial gathering place for tracking the events as they occur.