No credit card data was leaked and the rest was hashed and salted.
At approximately 1pm PDT, on July 1st, video streaming service, Plex, learned that servers hosting their forums and blogs were compromised. Information including, IP addresses, forum private messages, email addresses, and encrypted (hashed and salted) passwords for forum users were exploited. As a precaution, Plex reset user passwords and sent further instructions to users via email.
The hackers asked for 9.5 bitcoins, which is equivalent to about $2,400 but wrote that the ransom would increase to 14.5 bitcoins, which is equivalent to $3,700, if it wasn’t paid in a timely manner. The hackers claimed that the stolen information will be released to the public via torrent networks if the ransom was not paid.
Companies often ignore such extortion attempts as this creates incentives for other hackers to try out the same thing. Plex said the passwords were salted, which is a security measure that makes it more difficult for hackers to convert the passwords to plain text. In a security update provided to users on Plex's website on July 6:
After thorough investigation by a team of forensic specialists, we’ve identified the source of the compromise to the forums server. As we had suspected, the attackers gained entry via exploiting bugs in the forums software, some of which may not be well understood or publicly disclosed, or have patches readily available. The investigation did not turn up any other compromised systems...We’re committed to bringing back the forums as soon as humanly possible.