Date: 2017-06-29

MUSIC STREAMING SERVICE 8tracks has been the latest victim of a cyberattack, with the loss of 'millions' of customer details.

An announcement on the company blog yesterday confirms: "We received credible reports today that a copy of our user database has been leaked, including the email addresses and encrypted passwords of only those 8tracks users who signed up using email.

"If you signed up via Google or Facebook authentication, then your password is not affected by this leak. 8tracks does not store passwords in a plain text format, but rather uses one-way hashes to ensure they remain difficult to access. These password hashes can only be decrypted using brute force attacks, which are expensive and time-consuming, even for one password."

David Porter from 8tracks explains that the company believes an employee left some markers on his GitHub account, which wasn't set up for two-factor authentication, and that it was this account that was hacked, making it easy for the perpetrators to hack the real site.

8tracks is a music service that offers playlists curated by users consisting of at least… well, eight tracks. It has a huge cult following but is also, for the most part, very secure.

Users who signed up with either Google or Facebook don't need to worry at all. Those who signed up directly have very little personal information at risk, and even changing the password can be considered a precaution.

The takeaway from this is that even the most secure sites can suffer a disastrous breach if just one muppet doesn't lock things down tight enough. GitHub users of all people should know that their data needs to be protected.

Users are advised to change passwords to be on the safe side, not to use the same password on every site and, wherever possible, to use two-factor authentication such as an Authenticator app, SMS or a FIDO key. µ