Internet Radio 8tracks was shredded earlier this week and attackers managed to steal at least 18 million accounts, including usernames, passwords, and email addresses.
In a message posted on the company's blog, 8tracks confirms the hack and says it all started from Github's account of an employee who does not use two-factor authentication. IT managers were aware of the hack as soon as the attackers tried to change the Github account password, they say.
8tracks explains that only users who have signed up with e-mail affected by the hack, while everyone else, including those who use the accounts Google and Facebook to connect, they are absolutely safe.
In addition, passwords are encrypted, so hackers will have difficulty cracking them, although this does not get away with the question for the time being. As a result, users are recommended to change their passwords as soon as possible, especially if the same credentials are used in other services.
“We do not believe that this breach concerns access to database servers that are secured by public / private SSH key pairs. However, it has allowed access to a system containing a backup of the database tables, including these user data, "the company said in a statement.
“We have secured this account, changed passwords for storage systems and added logging access to our backup system. We are reviewing all of our security practices and have already taken steps to enforce 2 authentication on Github, restrict access to repositories, and improve password encryption. "
What should be noted is that, in addition to user names, passwords, and emails, there were no other data as 8tracks does not store personal information such as credit card numbers, phone numbers, or addresses. So if you change your password, you need to be safe and it is recommended that you do so as soon as possible.