Coachella Valley, Music and Arts Festival, is a famous event that is attended by a large number of citizens. In this regard, they are required to register on the Coachella festival website and provide personal as well as financial information to buy tickets.
Recently, the website admins have announced that the site has undergone a data breach and possibly the information of registered users has been compromised. According to the official announcement made by the festival authorities, they have already started the investigation process and it is confirmed that none of the financial data has been compromised or stolen.
The released statement has been emailed to registered users. AEG, the company that runs Coachella festival, has stated that they suspect the involvement of unauthorized third parties in illegally obtaining access to critically important user data including username, first name, last name, shipping addresses, phone numbers, email IDs and dates of birth.
The email sent to registered users also confirmed the company’s findings so far:
“Based on our investigation, no financial information was accessed [and] we have confirmed that no user passwords were stolen. [The festival] has taken measures to block further unauthorized access.”
Furthermore, the company has also reported this incident to authorities. In the statement, AEG has urged users to stay cautious as they may be targeted through phishing attacks in which fake emails can be sent to them as their usernames and email IDs have been stolen. It is possible that hackers try to exploit the acquired information by impersonating as Coachella personnel and asking you to download some file or visit a link. Users need to beware that Coachella will not contact through email and ask for clicking on any specific link/file attachment.
Moreover, it was categorically clarified by the company that ticketing purchase accounts are completely safe, but it is recommended that festival attendees change their passwords.
It must be noted that on 22nd February, Motherboard reported that around 950,000 Coachella accounts are already being sold on the Dark Web for just $300.
Tony Gauda, CEO of ThinAir commented on the issue and said that “The Coachella breach goes to show you that it isn’t only Fortune 500 companies and government agencies being targeted by cyber criminals – it’s any website that collects email credentials. Consumers who reuse email credentials are especially at risk during these attacks. While hacking larger organizations may be more lucrative, their defenses are also far more advanced, which has lead hackers to target lower hanging fruit increasingly. Anyone who registered for the music festival is now a target for highly customized phishing campaigns, opening the door for subsequent attacks and additional breaches. Until organizations take steps to secure their customers’ information with the same level of security they apply to their physical assets, breaches such as this one will persist.”
DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.