Internet Radio 8tracks was shredded earlier this week and attackers managed to steal at least 18 million accounts, including usernames, passwords, and email addresses.
In a message posted on the company's blog, 8tracks confirms the hack and says it all started from Github's account of an employee who does not use two-factor authentication. IT managers were aware of the hack as soon as the attackers tried to change the Github account password, they say.
8tracks explains that only users who have signed up with emails affected by the hack, while everyone else, including those who use the accounts Google and Facebook to connect, they are absolutely safe.
In addition, passwords are encrypted, so hackers will have difficulty cracking them, although this does not get away with the question for the time being. As a result, users are recommended to change their passwords as soon as possible, especially if the same credentials are used in other services.
"We do not believe this breach concerns access to database servers that are secured by public / private SSH key pairs. However, it did allow access to a system that contains a backup of the database tables, including this user data, ”the company said in a statement.
"We have secured this account, changed passwords for storage systems and added access logging to our backup system. We control all our security practices and have already taken steps to enforce authentication in 2 steps on Github, to restrict access to repositories and to improve password encryption ”.
What should be noted is that apart from usernames, passwords and emails, there was no risk to other data, as 8tracks does not store personal information such as credit card numbers, phone numbers or addresses. Therefore, if you change your password, you should be safe and it is recommended that you do this as soon as possible.