Plex

In July 2015, Plex, a popular media streaming service, suffered a data breach that compromised the personal information of users tied to its forum and blog systems. The attacker, operating under the alias "savaka," gained unauthorized access to the company’s servers and claimed to have obtained customer data, internal files, and proprietary software. As part of the intrusion, the attacker issued a ransom demand of 9.5 Bitcoin—worth roughly $2,400 at the time—threatening to release the stolen materials if Plex failed to comply. The breach exposed email addresses, IP addresses, private forum messages, and password hashes associated with user accounts. Although Plex emphasized that the passwords were salted and hashed, and that no payment or billing data had been compromised, the situation nonetheless raised security concerns for the affected users. Ultimately, Plex confirmed that approximately 100,000-300,000 user records were impacted by the breach.

Data Included in the Breach