Streaming radio service Pandora is alerting some of its users that their accounts are at risk of being compromised owing to a breach in a different service from a few years ago.
So no, Pandora’s systems weren’t hacked. But the company noted that some Pandora accounts were listed in a data dump that was recently released to the public.
This sort of thing is more common than we’d like to believe. Hackers routinely collect account details, whether by hacking into networks or by other methods like phishing, and sell them in bulk on the Deep Web.
Just last month, a Russian hacker had posted 32 million Twitter account credentials for sale at 10 Bitcoins (nearly $6,000 at the time).
The danger in such incidents is that many people use the same username and password across multiple services. So even if Pandora wasn’t hacked, it’s possible that another service you use with similar credentials was breached, and an attacker could gain control of your account and lock you out of it.
Pandora has emailed affected users about the issue and recommended that they change their passwords immediately. If you’re subscribed to the service, you’ll want to do so right now.