Beloved internet radio and playlist service 8tracks has been hit by hackers who stole account details for millions of its users, with data going back all the way to 2008.
It isn’t clear exactly how many users are affected: Breach notification site LeakBase told Motherboard that the full database that’s being traded on the Dark Web includes about 18 million accounts, and provided the outlet with about 6 million usernames, email addresses and hashed passwords.
Are you in trouble? It’s possible that hackers might be able to crack the passwords that are hashed using the SHA1 algorithm; worse, if you’ve used the same details on other sites, they might be able to access those accounts too. However, no credit card information was accessed.
8tracks noted that an employee’s Github account – not locked down with two-factor authentication – served as the vector for the attack.
If you’re registered with 8tracks, you’ll want to change your password (and if it’s the same as on other sites, change those too) and consider using two-factor authentication with as many services as possible to stay safe.