A Dark Web data trader claims to be selling more than 950,000 user accounts for the website of popular US music festival Coachella, including email addresses, usernames and hashed passwords. The exposed data opens the door to a rash of follow-on phishing attacks.
Motherboard is reporting that the data is being sold for a mere $300 on the Tochka marketplace.
"Coachella complete database dump from this month," said the hacker, who uses the handle Berkut, in his or her listing. Berkrut said that 360,000 of the accounts relate to the main Coachella website, and another 590,000 concern the message board, with the latter including user IP addresses.
Motherboard obtained a sample of more than 10,000 accounts and independently verified the data by attempting to create new accounts on Coachella.com with 30 randomly selected email addresses from the sample; each one was already linked to a current account on the site. The good news is that payment information was not included.
Coachella is held annually in the spring in Indio, Calif., just outside Palm Springs in the desert. It regularly draws big names, like Dr. Dre & Snoop Dogg, Guns N' Roses, Radiohead, and, this year, Beyoncé.
“The Coachella breach goes to show you that it isn’t only Fortune 500 companies and government agencies being targeted by cybercriminals—it’s any website that collects email credentials,” said Tony Gauda, CEO of ThinAir, via email. “Consumers who reuse email credentials are especially at risk during these attacks.”
While hacking larger organizations may be more lucrative, their defenses are also far more advanced, which has led hackers to increasingly target lower-hanging fruit, he added.
Anyone with an account with Coachella should be extra-vigilant when it comes to dodgy emails.
“Anyone who registered for the music festival is now a target for highly customized phishing campaigns, opening the door for subsequent attacks and additional breaches. Until organizations take steps to secure their customers' information with the same level of security they apply to their physical assets, breaches such as this one will persist.”