Whoopsie, Coachella. A data trader is currently selling information from over 950,000 user profiles linked to the Coachella website and message board on the dark web. According to the anonymous seller the account information currently being sold (for $300 per copy) includes usernames, passwords, and email addresses.
Only 360,000 of the profiles are tied directly to Coachella.com, which would include payment information. The remaining 590,000 profiles are tied to a message board, but still include IP addresses.
I bet you’re thinking… ‘So what?’ or ‘I don’t care if someone out there knows I looked up if there’d be pad thai at the festival?” You should.
What is an IP address?
An IP address is a set of numbers assigned to your computer whenever you connect to the internet. Think of it as a social security number or an address for your laptop. This number is attached to everything you do on the internet. If given the number, people can find out a lot about you. Like what websites you visit, what Tasty videos you watch. Spooky.
Why does it really matter?
Identity theft – Your IP address provides a lot of information, like your internet provider, your browser information, and even router information, which could give them access to hack into your computer and get any of your offline information. Think: tax forms, social security numbers, passwords to everything. Someone could hijack your Netflix. Imagine what they could do to your recommendations.
Credit card fraud – On the same note as identity theft, if a hacker has your IP address, and you’ve previously checked out on an insecure site (Helloooo, Coachella and Target. We see you.) then your credit card information is at risk, and you could have a serious case of credit card fraud on your hands.*
Safety concerns – Your IP address is like your actual address in more ways than one, if you have a static IP address it can provide your physical location. That means hackers around the world, who bought your information, can also figure out exactly where you live. I don’t think anyone needs this danger explained.
What does it mean moving forward?
Coachella hasn’t made a comment on the hack, but Motherboard has confirmed the compromised email addresses are indeed linked to Coachella accounts and the seller’s claim is legitimate. The seller has not yet been identified.
Moving forward, it’s important to protect your passwords (and have companies protect your privacy, too) to protect all the music lovers out there. We’re hoping Coachella does some security upgrades.
*If this does happen, contact your credit card provider immediately. Usually there is some form of credit card protection that can help you out if you are the victim of credit card fraud. Also, never use a debit card online, these protections typically don’t exist for debit cards.