You know the drill by now: A website was hacked, personal information may have been stolen, and now a company will have to make promises about the future of its cybersecurity. The target this time? Folks who have accounts on the website of music festival Coachella.
On Feb. 22, Motherboard reported someone was selling data—including hashed passwords, usernames and email addresses—on 950,000 Coachella.com accounts. Nearly a week later, concert-promoter Goldenvoice sent an email to account holders to let them know.
According to the email, “usernames, first and last names, shipping addresses, email addresses, phone numbers and dates of birth” were taken, but it was “confirmed that no user passwords were stolen,” and “no financial information was accessed.”
Goldenvoice said Coachella has since implemented strategies to prevent hackers from barging back into the system, but also warned account holders of phishing emails sent from supposed Coachella staff.
“Please remember that Coachella will never solicit personal information or account information from you via email,” the Goldenvoice email noted. “Please exercise caution if you receive any emails or phone calls that ask for such information, or direct you to web sites where you are asked for personal or financial information.”
No passwords were stolen, according to the email, but per the usual advice, it might be a good idea to change them anyway.