8tracks Hit With Breach of 18 Million Accounts8tracks Hit With Breach of 18 Million Accounts
Hackers attack Internet radio user database, gaining access to email addresses and encrypted passwords.
July 1, 2017
Hackers broke into Internet radio site 8tracks, resulting in a database breach of 18 million users' email addresses and encrypted passwords, according to an International Business Times report.
The online music site says in a blog post that only users who signed up for the service using their email got hit. Customers who rely on Google or Facebook to authenticate themselves did not have their passwords pilfered, 8tracks says.
The company believes an employee's Github account, which did not have two-factor authentication, served as the attack vector. When Github alerted the 8tracks employee of an unauthorized attempt to change their account password, that is when 8tracks realized a breach had ocurred.
"We do not believe this breach involved access to database or production servers, which are secured by public/private SSH-key pairs. However, it did allow access to a system containing a backup of database tables, including this user data. We have secured the account in question, changed passwords for our storage systems, and added access logging to our backup system," 8tracks states in its blog.
Read more about the breach here.
About the Author(s)
Tricks to Boost Your Threat Hunting GameNov 06, 2023
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
2021 Banking and Financial Services Industry Cyber Threat Landscape Report
5 Reasons To Move your PKI Deployment to the Cloud