June 29, 2017 by

Millions of User Account Details Stolen in Internet Radio 8Tracks Breach

Millions of users’ accounts at popular internet radio service 8tracks have been stolen by malicious hackers who are selling the data in underground forums.

Hackers have stolen account details from 8tracks, a social internet radio streaming platform, with breached user data going back all the way to 2008. Motherboard reports it obtained a dataset cluster with some 6 million accounts’ usernames, email addresses and hashed passwords from breach notification website LeakBase, a for-profit resource. According to LeakBase, the complete dataset comprises of 19 million accounts.

The passwords were notable hashed with the SHA1 algorithm, raising the possibility of hackers cracking the hashes to obtain the original passwords through a brute force attack.

In a blog announcement, 8tracks confirmed the breach – stating that user accounts signed in via Google or Facebook authentication were not affected by the leak.

In explaining the reason for the breach, 8tracks wrote:

We believe the vector for the attack was an employee’s Github account, which was not secured using two-factor authentication. We were alerted to this breach by an unauthorized password change attempt via Github, and it was verified independently by examining data from journalists and a security services company.

8tracks offers both free and paid accounts, the latter for ad-free listening. In what will come as some relief, the stolen data does not show any signs of stolen credit card or payment data.

If you happen to be a user of 8tracks, it’s recommended that you change your password immediately. If you are likely to have shared the same password elsewhere among other websites, it’s strongly recommended that you change those too. A good practice would be putting a free password manager, the likes of LastPass or 1password, to use. Password managers could avoid these pitfalls altogether through the use of unique passwords for every website that requires credentials.

Image credit: 8tracks.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Security Researchers Discover Trove of 1.4 Billion Credentials

Security researchers at dark web monitoring firm 4iQ have stumbled upon a massive 41GB data file of...

Read more arrow_forward

Hackers Steal Compromising Photos from High-Profile Plastic Surgeon

Hackers have broken into a high-profile plastic surgeon in London to steal a cache of sensitive...

Read more arrow_forward

Sonic Drive-In Breach Could See Info of Millions of Credit, Debit Cards Stolen

Drive-in restaurant chain Sonic is the latest major company to be the target of a significant data...

Read more arrow_forward