Blame it on bad passwords or the fact that the Internet is just no longer safe, but reports of data breaches seem to have shot up in the past few years. In what seems to be a breach similar to the massive Dropbox and LinkedIn debacles of the past, popular Internet radio service 8tracks has been hacked, potentially leaving millions of accounts vulnerable.
The data breach reportedly gave hackers account details of millions of users dating back to 2008, Motherboard learned from breach notification site LeakBase. The site obtained a dataset of 6 million 8track usernames, email IDs and hashed passwords, out of a total 18 million accounts. It further found that the passwords were hashed using ageing but still widely used SHA1 algorithm, something Google recently cracked, leaving them unsecure.
8tracks is aware of the breach and explained in a blog post that the hashes are difficult to access and can only be done through brute force attacks, which is complex and unlikely. However, the company is still urging its users to change their 8tracks passwords as well as on any other site where they may have used the same password. The Internet radio service informed Motherboard that it would notify its customers and has identified the attack vector used by the hacker, securing the account in question. They also reassure that the stolen data did not include credit card information.
Those using 8tracks may want to change their passwords as well as make sure the same password is not being used elsewhere. It also advised to use a two-factor authentication and password managers like LastPass or 1password, but maybe not OneLogin.