June 29, 2017 by

Millions of User Account Details Stolen in Internet Radio 8Tracks Breach

Millions of users’ accounts at popular internet radio service 8tracks have been stolen by malicious hackers who are selling the data in underground forums.

Hackers have stolen account details from 8tracks, a social internet radio streaming platform, with breached user data going back all the way to 2008. Motherboard reports it obtained a dataset cluster with some 6 million accounts’ usernames, email addresses and hashed passwords from breach notification website LeakBase, a for-profit resource. According to LeakBase, the complete dataset comprises of 19 million accounts.

The passwords were notable hashed with the SHA1 algorithm, raising the possibility of hackers cracking the hashes to obtain the original passwords through a brute force attack.

In a blog announcement, 8tracks confirmed the breach – stating that user accounts signed in via Google or Facebook authentication were not affected by the leak.

In explaining the reason for the breach, 8tracks wrote:

We believe the vector for the attack was an employee’s Github account, which was not secured using two-factor authentication. We were alerted to this breach by an unauthorized password change attempt via Github, and it was verified independently by examining data from journalists and a security services company.

8tracks offers both free and paid accounts, the latter for ad-free listening. In what will come as some relief, the stolen data does not show any signs of stolen credit card or payment data.

If you happen to be a user of 8tracks, it’s recommended that you change your password immediately. If you are likely to have shared the same password elsewhere among other websites, it’s strongly recommended that you change those too. A good practice would be putting a free password manager, the likes of LastPass or 1password, to use. Password managers could avoid these pitfalls altogether through the use of unique passwords for every website that requires credentials.

Image credit: 8tracks.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Data Breach: Florida Warns of 30,000 Medical Records Leak Due to Phishing

Florida’s health agency has warned of a data breach that may have exposed the data of up to 30,000...

Read more arrow_forward

India’s National ID Database of 1.2 Billion People Breached for $8

An Indian news publication has reported that the government’s biggest citizen database, a register...

Read more arrow_forward

Security Researchers Discover Trove of 1.4 Billion Credentials

Security researchers at dark web monitoring firm 4iQ have stumbled upon a massive 41GB data file of...

Read more arrow_forward