8tracks is the latest digital service to fall victim to an attack by hackers.
“We received credible reports today that a copy of our user database has been leaked, including the email addresses and encrypted passwords of only those 8tracks users who signed up using email,” wrote CEO David Porter in a blog post.
“If you signed up via Google or Facebook authentication, then your password is not affected by this leak.”
Tech site Motherboard has more details on the scale of the leak, claiming that it obtained a dataset of around 6m usernames, email addresses and ‘hashed’ passwords (i.e. not stored as plain text, so harder to crack) from a site called LeakBase. The latter company claims that the full dataset includes around 18m accounts.
“We have found what we believe to be the method of the attack and taken precautions to ensure our databases are secure,” wrote Porter.
“8tracks does not store sensitive customer data such as credit card numbers, phone numbers, or street addresses.”
However, users are being advised to change their passwords on both 8tracks and any other sites on which they used the same password.