Data breaches are far from uncommon in the day and age we live in, yet some are more eye-catching than others. For instance, a self-described “Data Broker” listed 950,000 Coachella user accounts on a darknet marketplace. Database breaches and the darknet go hand-in-hand; hackers have an anonymous platform to distribute their stolen data. Mainly, based on the number of people with interest in the event, news of the breach spread more rapidly than normal. Mainstream media began to pick the story up.
The accounts, according to the hacker, came from Coachella Music & Arts Festival‘s website. Motherboard tested 20 accounts, Joseph Cox claimed, but testament to the full dumps validity exists. Cox wrote that the “hacker” (self-described “data broker”) generously sent 10,000 accounts to Motherboard. This tactic works in multiple fashions. For instance, if the beach prices real, the hacker gains credibility. This is especially important for hackers with little to no name recognition.
And possibly more importantly with healthcare related breaches, this increases the value of the product.
The data broker of relevance to the database dump went under the pseudonym “Berkut“ on the Totchka marketplace.
“The Coachella accounts goes to show you that it isn’t only Fortune 500 companies and government agencies being targeted by cybercriminals—it’s any website that collects email credentials,” Tony Gauda, CEO of ThinAir, told InfoSecurity. “Consumers who reuse email credentials are especially at risk during these attacks. “
Berkut listed 950,000 accounts on Totchka with the title “Coachella complete database dump from this month.“ He wrote that 360,000 accounts came from Coachella’s main website. The other 590,000 accounts came from the Coachella message boards or forums. He alleged that the forum accounts contain more personal information about the victim.
The information from the main site consisted of users’ emails, passwords and usernames. However, according to the data broker, the forums contained information like IP addresses. No part of the dump contained payment information, Cox wrote. He went on to explain that he contacted several of the people with from the free 10,000 accounts Berkut gave Motherboard. “Yes I’ve used Coachella’s website in the past when I went to the festival, probably 2010, or 2012,” someone told Motherboard in an email.
Berkut listed the dump for $300—however, his profile page no longer contains the listing of the Coachella information. Coachella never returned any requests for comment from Motherboard and likely will avoid us too.