Infosecurity Magazine: 8Tracks Breach Exposes Millions of Accounts

June 30, 2017 — 8Tracks Breach Exposes Millions of Accounts

Ryan comments on news of this week's hack of internet radio service 8tracks, in which personal details associated with a reported 18 million user accounts were compromised.

In a blog post, the firm’s founder and CEO, David Porter, claimed that no financial data, phone numbers or postal addresses were exposed, but email addresses and encrypted passwords were. “Passwords on 8tracks are hashed and salted, meaning that even we can’t tell you what your password is by looking at the database,” he continued. “Although the decryption of one particular user’s password through brute-force techniques is unlikely, we recommend that users change their password on 8tracks and any sites on which they may have used the same password to ensure their personal security.”

Likening the breach to similar incidents affecting LinkedIn, Dropbox, Tumblr and MySpace, Porter urged users not to reuse passwords across different online accounts and recommended using 2FA and password managers to improve access security.

The firm’s user database is thought to have been breached thanks to a lack of 2FA on an employee’s GitHub account. An unauthorized password change then raised the alarm.

Ryan Wilk, vice-president at NuData Security, argued that the responsibility for access controls should rest with online providers. “Site owners need to evaluate a multi-layer authentication framework that can leverage the user’s natural behaviors combined with behavior analytics and passive biometrics to give companies the optimum chance of verifying actual users,” he added. “While hackers will continue to steal passwords and credentials to commit fraud or steal money, they are not able to replicate behavior.”
