The electronic band’s, Faithless, website got hacked and the details of fans had been sold on the dark web. The sold data contains the usernames and the passwords used for accessing the site. These kinds of high-profile cyberattacks have become pretty common in the past year or two, experts claim that hackers are likely to breach other music websites as well.
CyberInt, a cybersecurity company who spotted the breach of Faithless first, claims that the hackers uploaded malware through SQL injection to faithless.co.uk. Although the breach was revealed back in September, CyberInt uncovered the cyberattack just now. When using an SQL injection, the attacker can execute malicious SQL commands that control a web application’s whole database server. This kind of attack could affect any website or web application that uses an SQL-based database. SQL injection is a quite common attack type by hackers and a well-known vulnerability among website admins and tech savvies. Elad Ben-Meir, vice-president of marketing at CyberInt, told the media:
“We have a system that collects cyber threat intelligence in real time, and as part of our work we uncovered a Faithless database being sold on the dark web, and we flagged it up with them. I think they fixed the issue but they didn’t quite go out and tell anyone that, so that leaves their fans, about 18,000 people, unaware that their private information has been compromised. Although the actual details for sale on the Dark Web are likely to sell for only a few hundred dollars, they could end up costing unlucky music fans far more.”
The hackers could not only use the account details to login to Faithless’ website, but they can also acquire the victims’ personal details by using different methods. Ben-Meir added this statement:
“The fraudster will send the fan a spoof email asking the victim to open an attachment or follow a link to a fake phishing website. Once the attachment is opened or the link clicked, the hacker could gain additional information about the fan or event take control of the fan’s computer.”
According to him, the hack “could signal the start of a new trend of attacks on the UK’s £3.5bn a year music industry”.