Promoters of the Coachella Music Festival have confirmed details of nearly one million attendees have been leaked from its database, but said payment information is not among the stolen data.
Reports of a massive data breach first appeared at the end of February, with Motherboard reporting the information of some festival goers could be bought on the dark web for just $300.
Coachella confirmed the stolen data includes registrants' firstnames and surnames, usernames, shipping addresses and email addresses, phone numbers and dates of birth.
This cache of information is enough for criminals to put together several types of scams and criminal activity. Reports have already started appearing of phishing attempts, while the full name, address and date of birth information could be put together to carry out identity theft.
However, as the data was stolen from the Coachella.com website and not the festival's ticketing site, users' credit card details were not stolen, said Coachella, meaning payment fraud isn't an immediate threat.
In a statement reported by IQ magazine, festival promoter Goldenvoice admitted the breach, saying it has "taken measures to block further unauthorised access and reported the matter to the appropriate authorities for further investigation".
Commenting on the lost data, Chris Boyd, malware intelligece analyst at Malwarebytes, said: "[The breach] opens the door to very personalized phishing attempts. Smooth criminals will no doubt fire off some fake refund/special festival deals at people who may not know about [it]."
"The good news is, no payment information was compromised - but by the same token, cards can be canceled and replaced. It's a bit trickier to replace the information [that was] swiped ... to varying degrees of difficulty and/or time-wasting inconvenience.
"If you're off to Coachella this year, have a good time and remember to go directly to the source where all email missives are concerned," he added.
Picture credit: Bigstock
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
JD Sports details cyber security revamp following January attackNews It hopes a multi-vendor approach will substantially improve its cyber resilience
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
96% of CISOs without necessary support to maintain cyber securityNews Security professionals are leaving due to stress, and called out lack of understanding from co-workers
-
Employees behaving badly?Whitepaper Why awareness training matters
-
Freshworks CISO Jason Loomis embraces the ‘shift left’ amid surging supply chain threatsCase Studies Fewer than 100 days in the role, Jason Loomis reveals his plans for the future of security at Freshworks, and discusses the rising threat of API vulnerablities
-
CISOs reveal secrets to pandemic success in critical organisationsNews The pandemic presented unique challenges for every business, but organisations tasked with delivering critical services may have worked the hardest
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
