8tracks.com
  • Total Records17,973,711
  • Unique Emails17,830,268
  • Unique Email Providers304,510
  • Unique Usernames17,790,828

8tracks 2017 Data Breach: What Happened and What Was Exposed?

In June 2017, 8tracks—an online playlist sharing service—announced that it had suffered a significant data breach affecting millions of users. The breach occurred when attackers exploited an unsecured employee GitHub account, which provided them with access to sensitive user data. As a result, nearly 18 million user records were exposed, including usernames, email addresses, and salted SHA-1 password hashes. Users who registered with traditional email and password—rather than using Google or Facebook login—were affected by this incident. This breach remains one of the notable security incidents to impact a music-focused online community.

What Led to the 8tracks Data Breach?

The breach was traced back to an employee's GitHub account that was not properly secured. Attackers were able to leverage this access to reach backend systems containing user data. Details surfaced that a subset of accounts, specifically those not utilizing third-party authentication, had their details compromised as a direct result of this vulnerability.

What Information Was Compromised?

The attackers obtained a database of approximately 17,973,712 user records. The exposed data included the following fields:

  • Usernames
  • Email addresses
  • Salted SHA-1 password hashes
  • Password salt data

It’s important to note that only those who registered with an email and password, rather than via Google or Facebook, had their password hashes exposed. No payment or financial data was reported as compromised.

Timeline of the 8tracks Breach

  • Early 2017: The breach began with attackers obtaining credentials from an employee's GitHub account.
  • June 2017: 8tracks publicly disclosed the incident and confirmed the extent and nature of the compromise.

The company acted quickly to address the issue, secure the affected systems, and notify users.

Number of Affected Users

The breach impacted nearly 18 million users. Specifically, 17,973,712 email and password hashes were exposed, making this one of the larger security events among music and lifestyle websites.

Frequently Asked Questions About the 8tracks Breach

What happened in the 8tracks data breach?

In June 2017, attackers accessed an unsecured employee GitHub account, leading to the exposure of nearly 18 million user records, including emails and hashed passwords, for those not using Google or Facebook sign-in.

How many users were affected by the 8tracks breach?

The breach impacted 17,973,712 user accounts, with usernames, email addresses, and salted SHA-1 password hashes compromised.

What user data was leaked in the 8tracks breach?

Compromised data included usernames, email addresses, salted SHA-1 password hashes, and associated salt values. Only accounts registered with traditional email sign-up were affected.

Who was behind the 8tracks data breach?

The breach was carried out by attackers who exploited an unsecured employee GitHub account, providing access to sensitive user credentials stored by 8tracks.

How can I check if I'm in the 8tracks breach?

You can check if your information was part of the 8tracks breach by utilizing the DeHashed search engine.