Earlier this week, the website of British dance group Faithless (faithless.co.uk) was hacked leaving the personal information of some 18,000 fans compromised.
The attack was carried out via SQL injection, a common malicious exploit, which allowed it to get past the website’s defences. The breach was spotted by white-hat security firm CyberInt last September, but it wasn’t until Monday that it was fully confirmed.
In a statement to The Independent, CyberInt’s vice president of marketing Elad Ben-Meir confirmed that the exploit had taken place and that the personal information of some 18,000 people were now compromised.
“We have a system that collects cyber threat intelligence in real time, and as part of our work we uncovered a Faithless database being sold on the Dark Web, and we flagged it up with them. I think they fixed the issue but they didn’t quite go out and tell anyone that, so that leaves their fans, about 18,000 people, unaware that their private information has been compromised.”
While new generations of dance music fans might not be too familiar with Faithless and their work, the group has long been considered pioneers in British dance music having sold around 12 million records worldwide in two decades together.
For fans of Faithless, the security breach is only just the beginning as the data that has been leaked (consisting of personal email addresses and passwords to log into the Faithless website) are now being sold on the Dark Web. While the email and passwords are likely to sell on the Dark Web for several hundred dollars, other personal information may also be at stake as even such limited information (email address and music tastes) can be valuable to cyber criminals.
“The fraudster will send the fan a spoof email asking the victim to open an attachment or follow a link to a fake phishing website. Once the attachment is opened or the link clicked, the hacker could gain additional information about the fan or event take control of the fan’s computer.”