News broke earlier today that Internet radio service 8tracks was hacked earlier this week, and that attackers managed to extract no fewer than 18 million accounts, including usernames, hashed passwords, and email addresses. In a message posted on the company’s blog, 8tracks confirms the hack and says that it all started from an employee’s GitHub account that was not using two-factor authentication. IT admins became aware of the hack once the attackers attempted to change the password of the GitHub account, the company says.
Commenting on this, Ryan Wilk, Vice President at NuData Security, said:
“This is a consumer conundrum to keep track of passwords, change passwords, make sure you are not using the same password across accounts on the internet, and this attack proves why it is so important right now. Alerting consumers to breaches and getting them to change passwords right away is a losing proposition and in the end, it is the consumers themselves that pay the consequences. Password management services are helpful in this area, but it is really incumbent upon online companies to protect consumers. Site owners need to evaluate a multi-layer authentication framework that can leverage the user’s natural behaviours combined with behaviour analytics and passive biometrics to give companies the optimum chance of verifying actual users. While hackers will continue to steal passwords and credentials to commit fraud or steal money, they are not able to replicate behaviour.”