Over 950,000 user account details for Coachella Music and Arts Festival’s website are being sold on the dark web, according to reports.
The data vendor, who goes by the pseudonym “Berkut,” listed the details on the dark web marketplace Tochka with the description “Coachella complete database dump from this month,” for only $300.
360,000 of those account credentials, according to the listing, are linked to the main Coachella website while 590,000 relate to the message board.
Both sets of data contain email addresses, usernames, and hashed passwords, but the latter allegedly has such crucial information as user IP addresses as well.
Luckily, the data breach did not compromise payment databases.
A media entity obtained 10,000 of those sets of login credentials, and, in a bid to verify their legitimacy of the dark web vendor, used a random 30 of them to open new accounts.
True to form, each one was linked to an existing website, with randomly selected usernames also corresponding to real accounts.
Using the emails provided by the dark web vendor, the website reached a few of the victims, who indeed confirmed they had user accounts with the website.
“Yes I have used the website in the past,” one user said, seemingly forgetting the exact year between 2010 and 2012 they had last logged onto the website.
Coachella Valley Music and Arts Festival is held annually from 14th to 16th and 21st to 23rd of April in Indio, California, and usually attracts dozens of A-list celebrities and tens of thousands of fans.
Last year’s lineup had the likes of pop singer Katy Perry, Modern Family’ star Ariel Winter, Jaden Smith, and Amber Rose in attendance; sold 198,000 tickets; and grossed $94 million.
This year’s star-studded lineup features Radiohead and award-winning rapper Kendrick Lamar.
The data breach comes as the first of its magnitude for the now 17-year-old series festival.
According to Tony Gauda, CEO of ThinAir, who spoke to Cyber Risk Insurance Forum, no one is safe from data breaches as long as they keep personal user details.
“The breach goes to show that it is not only government agencies and Fortune 500 companies being targeted by cybercriminals – it’s all websites that collect email credentials,” he said via email.
“Consumers who reuse login credentials are particularly at risk during these attacks.”
He reckons that, albeit no huge direct damage is bound to result from the breach, anyone whose details are in the database dump is now at risk of future phishing attacks.
When contacted, Coachella did not immediately reply to the reporting media entity.
Some details such as how and when the data was sourced thus still remain a mystery, but updates are likely to come.
A follow-on thread, “Someone Is Selling Coachella User Accounts on the Dark Web,” in the Coachella website’s forum, however, hints that the organization may have already tried taking action the same day the report came out.
The user who had started the thread observed that the message board went down for maintenance within 15 minutes of posting the thread.
Another user echoed the remarks avowing there could be no coincidence in that.
While it seems quite bizarre that the vendor offers the dump at such a low price, it is obvious that the mere presence of the dark web and the largely-anonymous Bitcoin payment system are inspiring costly attacks from even least-interested individuals.