Online Music Marketplace Suffers Data Breach

Online Music Marketplace Suffers Data Breach

A data breach at the world’s largest online music marketplace has exposed the personal details of high-profile musicians.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

Information belonging to Bill Ward of Black Sabbath, Jimmy Chamberlin of the Smashing Pumpkins, and Alessandro Cortini of Nine Inch Nails was among the data exposed in the security incident at Reverb.com.

Millions of the retailer’s records were discovered online in an unsecured Elasticsearch server by independent cybersecurity consultant and securitydiscovery.com owner Volodymyr “Bob” Diachenko.

Sharing details of the breach on LinkedIn on April 23, Diachenko said he had found 5.6 million exposed Reverb.com records containing full names, email address, phone numbers, addresses, PayPal email addresses, and listing/order information. 

When the cybersecurity consultant first came across the cache of unsecured data on April 5, he wasn’t sure who it belonged to.

“At first, it wasn’t immediately clear who owns this and what type of data it is, so I put it on a shelf—until now. Since the discovery the IP with database was taken down,” said Diachenko. 

“Upon closer inspection I noticed that there are many ‘test’ emails coming from @reverb.com domain. I decided to verify shop slugs against real URLs on Reverb site and quickly confirmed the initial thought—it was all Reverb users’ data.”

Reverb.com is an online marketplace for new, used, and vintage music gear with its headquarters in Chicago, Illinois. The company was founded in 2013 by Chicago Music Exchange owner David Kalt and has more than 10 million monthly visitors. 

Diachenko said the exposure of the data could make Reverb.com users vulnerable to cybercrimes, including phishing attacks carried out over email, text, or on the phone. 

“Scammers might pose as Reverb or an associated company in an attempt to persuade victims to divulge additional information such as account login credentials or payment details,” said the consultant.

“The fact that customer shop IDs were exposed is troublesome as these can be used to make fraudulent correspondence look legitimate.”

He added that cyber-criminals could cross-reference data leaked in this breach with information exposed in other breaches to gain enough details to make their phishing attempts “extra convincing.”

By admin