Hacking Of TuneCore Record Label Puts Millions of Musicians at Risk

TuneCore, an online music distribution/record label service on Friday, disclosed that its database was breached by the hackers and some of its customers’ personal information have been compromised, which include millions of musicians data. The company said that they have since been working with a cybersecurity firm as well as federal authorities to resolve the matter.

TuneCore is the latest in the list of high-profile attacks that has been carried out in recent times. It now joins the list of the already breached servers of Sony pictures, Home depot, Office of Personnel Management (OPM) and U.S. State Department.

Although no music files were stolen, TuneCore says that the hackers might have taken names, email addresses, mailing address, account numbers and passwords that were stored in protected form. While TuneCore customers’ full financial information is never stored, the hackers may have obtained its customers’ billing addresses and addresses of banks, as bank account numbers, bank routing numbers, and the last 4 digits of credit card numbers.

According to the company, the liaison between the parties was not breached, as TuneCore uses a third party to process their credit card and banking transactions.

“Based on our investigation, this process with our third party vendor was not compromised in the attack,” a spokesperson told Billboard.

The actual fallout could take weeks or months to understand how much data was actually stolen from the TuneCore and of how much significance it will actually have. Even though no music files were stolen there won’t be any damaging leaks from the hack, the hackers could use the passwords to break into other accounts that employ the same login credentials.

While TuneCore has already invalidated passwords, it has asked its users to log into their account as soon as possible and select another new password and also keep an eye over their bank statement and credit card transactions, if they find any unusual activity report it to the authorities.

“You should also change your password on any other accounts or websites that share your previous TuneCore password.” cautioned TuneCore CEO Scott Ackerman.

The unfortunate breach follows cracks at Spotify, Patreon, and Songkick in recent months, among others. In January 2014, customer information was accessed from RevebNation, though no credit card info was leaked. Sony was the subject of two high profile hacks – first in 2011 when its PlayStation Network was breached and then last year when it thought North Korea was behind an attack on Sony Pictures and pulled The Interview from theaters in addition a lot of internal memos and communications that were leaked to the public.