ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

8tracks Data Breach

8tracks.com
Major exposure
Verified breach Passwords exposed
Accounts exposed 17,979,961
Breach date 27 Jun 2017
Added to tracker 16 Feb 2018
Data classes 2

What happened

In June 2017, the online playlists service known as 8Tracks suffered a data breach which impacted 18 million accounts. In their disclosure, 8Tracks advised that "the vector for the attack was an employee’s GitHub account, which was not secured using two-factor authentication". Salted SHA-1 password hashes for users who didn't sign up with either Google or Facebook authentication were also included. The data was provided to HIBP by whitehat security researcher and data analyst Adam Davies and contained almost 8 million unique email addresses. The complete set of 18M records was later provided by JimScott.Sec@protonmail.com and updated in HIBP accordingly.

Exposed data

Email addresses Passwords

Recommended actions

  • Change your 8tracks password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing 8tracks — attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP