Indie Music Distributor TuneCore Gets Popped

TuneCore CEO Scott Ackerman notified all users around midnight on Dec. 4 that their accounts had been hacked three weeks earlier.

"We recently discovered suspicious activity on TuneCore's servers in November," he said in an email to customers. The intruder extracted the data on Nov. 17.

It appears passwords stored on the compromised servers weren’t strongly encrypted.

“Although TuneCore passwords were stored in a protected form, it is possible for a determined hacker, with sufficient time, using advanced computing tools, to recover those passwords,” the company’s website states.

The attackers obtained access to customer names, addresses, email addresses, account numbers, and passwords.

They also compromised billing addresses; the last 4 digits of credit card numbers and their expiration dates; bank names; the last 4 digits of bank account numbers; the last 4 digits of bank routing numbers; and the name and address associated with the bank account on file.