Are you a client of 8Tracks? We encourage you to change your password

By Giedrius Majauskas

Millions of music lovers who have signed up for the 8tracks service are now facing a rather unpleasant situation: their credentials have been leaked. 8tracks published a statement informing its clients of a security flaw that resulted in the publication of users’ email addresses and passwords. The service also handles more sensitive personally identifiable information, such as the credit card details clients use to pay the monthly fees, but this information was not involved in the breach.

8tracks went on to emphasize that it does not store passwords carelessly: they are hashed with the SHA-1 algorithm, so the service itself never learns the actual credential. While this is not bad news, we would not call it very good news either. SHA-1 is not the most sophisticated tool for protecting passwords, as there are methods to recover the original passwords from this data.
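The storage weakness described above, shown from the defender's side as an added example (not code from 8tracks or from the original article): a legacy record made with one fast SHA-1 pass next to a salted, deliberately slow PBKDF2 record, with an upgrade at login. The record layouts, function names and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune to your hardware


def legacy_sha1_record(password):
    """Constructed legacy layout 'sha1$<hex>': one fast pass, no salt."""
    return "sha1$" + hashlib.sha1(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password, salt=None):
    """Hardened layout 'pbkdf2$<iterations>$<salt hex>$<key hex>'."""
    salt = salt or os.urandom(16)  # per-user salt: equal passwords give different records
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${key.hex()}"


def verify(password, record):
    """Check a password against either layout, comparing in constant time."""
    scheme, _, rest = record.partition("$")
    if scheme == "sha1":
        candidate = hashlib.sha1(password.encode("utf-8")).hexdigest()
        return hmac.compare_digest(candidate, rest)
    if scheme == "pbkdf2":
        iterations, salt_hex, key_hex = rest.split("$")
        key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(key.hex(), key_hex)
    return False  # unknown scheme: reject rather than guess


def login(password, record):
    """Verify the password; on success, replace a legacy record with a PBKDF2 one.

    The upgrade can only happen here because the plaintext is available
    to the server only while the user is logging in.
    """
    if not verify(password, record):
        return False, record
    if record.startswith("sha1$"):
        record = pbkdf2_record(password)
    return True, record
```

Accounts that never log in again keep their legacy record, so a forced password reset is still needed for them after a leak.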

8tracks data breach

The service itself denies having been hacked in the broad sense; instead, it describes the possibility that the source of its backups was compromised. The backup storage also held the details that were publicly released. The incident presumably occurred because the service was not protected by two-factor authentication, which is recommended by many security researchers and even by users themselves. If a website where you have an account offers two-factor authentication, we suggest you take advantage of it. With this measure in place, hackers have very little chance of breaking into your account and compromising your security.

Even though it is possible that the breach won’t catch hackers’ attention and that they won’t attempt to recover the passwords, 8tracks clients are strongly advised to set new passwords for the service. If you reused your 8tracks password for other accounts, change it there immediately as well. Since there is a way for hackers to determine your exact password, every account that uses it is in jeopardy.

Not all 8tracks users need to be concerned about this breach. If you signed in to 8tracks via Google or Facebook, your passwords and email addresses are secure. Nevertheless, this incident is a perfect opportunity to remind our visitors that they should never use the same password for more than one account. Every account has to be protected by a unique credential that contains not only letters but also numbers. Create complex combinations that would be extremely difficult to crack.

Data breaches are becoming more and more frequent, thanks to elaborate hacking techniques or, as in the case of 8tracks, to poorly protected databases. If the service had used two-factor authentication, none of this would have happened.

Source: infosecurity-magazine.com
