Those who signed up via Google or Facebook authentication will apparently not have had their passwords compromised.
#8TRACKS RADIO USERS COUNT PASSWORD#
We are auditing all our security practices and have already taken steps to enforce 2-step authentication on GitHub, to limit access to repositories, and to improve our password encryption.” “We have secured the account in question, changed passwords for our storage systems, and added access logging to our backup system. However, it did allow access to a system containing a backup of database tables, including this user data,” explained Porter. “We do not believe this breach involved access to database or production servers, which are secured by public/private SSH-key pairs. An unauthorized password change then raised the alarm. The firm’s user database is thought to have been breached thanks to a lack of 2FA on an employee’s GitHub account. Likening the breach to similar incidents affecting LinkedIn, Dropbox, Tumblr and MySpace, Porter urged users not to reuse passwords across different online accounts and recommended using 2FA and password managers to improve access security. “Although the decryption of one particular user’s password through brute-force techniques is unlikely, we recommend that users change their password on 8tracks and any sites on which they may have used the same password to ensure their personal security.” “Passwords on 8tracks are hashed and salted, meaning that even we can’t tell you what your password is by looking at the database,” he continued. In a blog post, the firm’s founder and CEO, David Porter, claimed that no financial data, phone numbers or postal addresses were exposed, but email addresses and encrypted passwords were. Internet radio service 8tracks was hacked this week and personal details associated with a reported 18 million user accounts compromised.
0 kommentar(er)
