14 DAY TRIAL // Universal Music UK has notified users of several of its band websites that their names, email addresses and passwords were exposed during a recent security breach.
"As you may have heard in the media this week, various websites hosted by Universal Music UK have been targeted by a so-called internet hacker.
"As part of our investigations into this illegal activity we have discovered yesterday that some user information on our website www.klaxons.net was taken," the company wrote in the email to fans of the British indie rock band Klaxons.
The record label group apologized for the incident and advised affected users to change their passwords on all websites where they might have used them.
This confirms that account passwords were stored in plain text form, a major security oversight for any respectable website. The company did not offer any explanation regarding the insecure practice.
Universal said that it put in place additional measures to protect personally identifiable information, although it's not clear if these include password hashing.
"Please note there were no financial or credit card details associated with any of your details and no financial or credit card details have been accessed," the company stresses.
Nevertheless, since password reuse is a very common practice, the leak could put financial information stored on other websites, like PayPal or iTunes, at risk.
The attack is believed to have been carried out by a group called SwagSec which seems to target the music industry and artists in particular. So far, the hacking outfit defaced the websites of Amy Winehouse and Lauren Pritchard, and leaked the passwords of Justin Bieber fans.
People whose email addresses were exposed in these attacks should be wary of emails purporting to come from Universal or their favorite bands which ask personal information or directing them to download files. These might be the result of hackers trying to exploit the data.