ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Soundwave Data Breach

soundwave.com
Limited exposure
Verified breach Passwords exposed
Accounts exposed 130,705
Breach date 16 Jul 2015
Added to tracker 17 Mar 2017
Data classes 7

What happened

In approximately mid 2015, the music tracking app Soundwave suffered a data breach. The breach stemmed from an incident whereby "production data had been used to populate the test database" and was then inadvertently exposed in a MongoDB. The data contained 130k records and included email addresses, dates of birth, genders and MD5 hashes of passwords without a salt.

Exposed data

Dates of birth Email addresses Genders Geographic locations Names Passwords Social connections

Recommended actions

  • Change your Soundwave password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Soundwave — attackers weaponise breach data quickly.
  • Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP