Cyber Threat Actor: savaka
| Actor Type | Location | Known Incidents |
Hacker
|
Iran
|
1 incident |
|---|
Profile
The threat actor is known by the alias savaka.
The actor's location is identified as Iran.
The actor is associated with a breach that occurred on July 2, 2015.
The breach targeted the forum servers of the media server company Plex.
The incident is documented in the actor's attributed incidents overview.
The attacker gained access to email addresses, IP addresses, private messages, and forum passwords that were hashed and salted.
Payment card information was not compromised because Plex does not store such data on its servers.
The breach affected users who held forum accounts linked to their plex.tv profiles.
In response, Plex enforced mandatory password resets for all affected accounts.
Affected users received direct notifications describing the unauthorized access and advising them to change their passwords.
Details of the incident were reported in a Lifehacker article published on July 2, 2015, with the URL http://lifehacker.com/plex-hacked-change-your-password-now-1715355825/.
Plex also published a security notice on its blog, accessible via https://blog.plex.tv/2015/07/02/security-notice-forum-user-password-resets/.
The email sent to users explained that the forum and blog server was compromised and that the attacker accessed IP addresses, private messages, email addresses, and encrypted forum passwords. The email assured recipients that credit card and payment data remained safe and urged the use of strong, unique passwords and password managers.
Plex indicated that it would post further details on its blog and later updated the blog with more information about the hack.
