Pandora Radio Warns that Accounts Risk Being Hacked-Truth!
Summary of eRumor:
Many Pandora Radio users have been warned via email that their accounts are at risk of being hacked.
The Truth:
Pandora hasn’t been hacked, but warnings about Pandora accounts that are at risk of being hacked are very real.
The threat actually circles back to a LinkedIn data breach that occurred in 2012. In May 2016, LinkedIn announced that personal data stolen from about 100 million users in the 2012 hack had been posted for sale on a “dark web” site:
In 2012, LinkedIn was the victim of an unauthorized access and disclosure of some members’ passwords. At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorized disclosure. Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice.
Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.
Alerts that Pandora users received about their accounts being flagged at high risk for hacking stem from the list of 100 million plus LinkedIn accounts that were hacked in 2012:
Our security teams have analyzed the LinkedIn credential data and our analysis indicates that your username was among those leaked onto the Internet. This username is the same on LinkedIn and Pandora. While you have probably already changed your password on the LinkedIn website you should also change your password on any other website where you used the same password, including Pandora. Password reuse, using the same password across websites, is one way that malicious entities attempt to gain unauthorized access to services, which is why it’s important to use different passwords with different accounts.
So, although the 2012 data breach didn’t directly involve Pandora, the radio streaming service cross-checked the leaked LinkedIn usernames against its own accounts to identify any Pandora accounts that used the same username, in order to warn those listeners about an elevated threat.