Users recommended to change passwords as soon as possible

Jun 29, 2017 08:48 GMT

Internet radio service 8tracks was hacked earlier this week, and attackers managed to extract no fewer than 18 million accounts, including usernames, hashed passwords, and email addresses.

In a message posted on the company’s blog, 8tracks confirms the hack and says that it all started from an employee’s GitHub account that was not using two-factor authentication. According to the company, IT admins became aware of the hack once the attackers attempted to change the password of the GitHub account, and after the data was examined by several sources, including LeakBase.

8tracks explains that only users who signed up with email are affected by the hack, while everyone else, including those who are using Google and Facebook accounts to log in, is completely secure.

No sensitive customer data compromised

Furthermore, the passwords are hashed and salted, so hackers would have a hard time cracking them, though cracking them isn’t out of the question. As a result, users are strongly recommended to change their passwords as soon as possible, especially if the same credentials are being used on other services as well.

“We do not believe this breach involved access to database or production servers, which are secured by public/private SSH-key pairs. However, it did allow access to a system containing a backup of database tables, including this user data,” the company says in a statement.

“We have secured the account in question, changed passwords for our storage systems, and added access logging to our backup system. We are auditing all our security practices and have already taken steps to enforce 2-step authentication on Github, to limit access to repositories, and to improve our password encryption.”

What’s important to note is that besides usernames, hashed passwords, and emails, no other data was compromised, as 8tracks does not store personal information like credit card numbers, phone numbers, or home addresses. So if you change your password, you should be safe, and you are recommended to do this as soon as possible.