Coachella is a pretty big deal. The two-weekend event will draw six-figure crowds and generate hundreds of millions of dollars in spending. This year’s festival kicks off in just a few more weeks… which makes the timing of the Coachella website getting hacked particularly dangerous.
Goldenvoice, the company that promotes Coachella and operates the website, emailed a statement to its users Tuesday to break the news. According to the email, an attacker gained access and a database containing user information was downloaded. Goldenvoice assured that no payment details were stored in the database and that users’ passwords were not leaked.
Goldenvoice is correct in saying that no passwords were stolen, though password hashes were. A hash is produced after the actual password is run through a cryptographic routine. That process needs to be reversed in order for someone to see a password, and that can require quite a bit of computational effort to do depending on how the hashes were created.
The company says that they’ve already “taken measures to block further unauthorized access and reported the matter to the appropriate authorities.”
In the email notice that was sent to users, Goldenvoice also cautioned users to be on the lookout for phishing emails from individuals impersonating Coachella. That’s a good approach for any business that’s suffered a breach to take, but it’s especially important when a cybercriminal is actively looking to cash in on the attack.
According to a report last week from Motherboard’s Joseph Cox, the compromised data has already surfaced on the Dark Web. Someone is selling a collection of 950,000 Coachella records, and Cox was able to verify that the data was legitimate.
While there’s a chance that no one will ever bother to crack your Coachella password, it’s better not to take chances. Head over to the Coachella Accounts page on the Coachella website and update your password… even if you haven’t been to the concert itself in years. An old password can come back to haunt you, particularly if you’ve re-used it on other websites.
Source: SANS ISC SecNewsFeed @ March 1, 2017 at 08:36AM