14 DAY TRIAL // Ground(ctrl), a Sacramento-based company that operates websites for famous musicians, has suffered a data breach. Customers are being advised to change their passwords to prevent hackers from accessing their accounts.
In a notification sent to customers and to the Office of the California Attorney General, the company’s CEO Eddie Meehan revealed that the hackers gained access to email addresses, passwords, and the last four digits and expiration dates of the credit cards used by customers on the firm’s website.
On Twitter, Ground(ctrl) has clarified that it does not store full credit card information on its systems.
“Recently, an unauthorized person gained access to part of our computer network that supports the websites we operate. Upon learning of the access, we worked to block any further unauthorized access and engaged a leading forensic investigation firm to determine what occurred and assist us in implementing enhanced security measures,” Meehan explained.
While passwords are encrypted, the company believes that the hackers can crack them, which is why customers are instructed to change their passwords. Those who utilize the same password for other services are recommended to change it there as well.
Users who have questions regarding the incident can contact customer support at support.groundctrl.com or by calling 877-GND-CTRL.
Ground(ctrl) representatives have told Softpedia that this is the same data breach as the one we reported back in March when a hacker defaced not only the company’s official website, but also the sites of several celebrities.
The list of affected websites included the ones of Miley Cyrus (mileycyrus.com), Selena Gomez (selenagomez.com), Taylor Swift (taylorswift.com), Nicki Minaj (mypinkfriday.com), Chelsea Handler (chelseahandler.com) and Britney Spears (britneyspears.com).
“The notification that was sent to our users this week was in relation to the incident that you reported in March, not an additional breach. At the time of your initial report, we had notified all potentially affected customers (those whose websites we manage and may have been affected),” Greg Patterson, Ground(ctrl) co-founder and COO, told Softpedia.
“However, our ongoing investigation recently revealed that there may be a need to notify users as well (those who had signed up for accounts with the websites we manage). As we said in the notification, we found that the email addresses, passwords and in some cases, last four digits and expiration dates of credit cards, may have been accessed by the hacker.”
The attack was carried out by a hacker calling himself Ethical Spectrum. He blamed Patterson for the attack.
Ethical Spectrum is a hacker who finds vulnerabilities in the systems of various companies and offers them help with fixing the issues. However, if his emails are ignored, he proves his point by leaking data and defacing sites.
This was the case of Finland-based game developer Supercell. The hacker found some vulnerabilities that he reported to the company. After his notifications were ignored, he hijacked a couple of Facebook pages for Supercell games. This is what happened in the case of Ground(ctrl) as well.
Update. The article has been updated to clarify that this is the same breach that we reported back in March.