ReverbNation – an online platform that currently assists more than three million musicians in building their careers – experienced a breach in 2014, and is now notifying an undisclosed number of users and asking them to change their passwords.
According to a ReverbNation statement emailed to SCMagazine.com on Thursday, law enforcement recently notified the company that an individual, who has been identified and charged, may have illegally gained access to customer data.
The perpetrator “illegally accessed a ReverbNation vendor's computer system which permitted the individual to access a backup of the company's database on a separate cloud storage facility, ultimately allowing the individual to gain unauthorized access to user information in approximately January of 2014,” the statement said.
The California data breach notification website posted two notifications: a written notice to California residents, and an email notice to California residents.
The written notice stated that the information in the database may have included names, Social Security numbers, employer identification numbers, email addresses, encrypted passwords, postal addresses, phone numbers, dates of birth, and possibly other information.
The email notice was similar to the written notice, but did not mention some of the aforementioned information, including Social Security numbers and employer identification numbers. The written notice also explained that the date range of unauthorized access was, at most, January 2014 to May 2014.
“As a precaution ReverbNation is recommending that all affected users who created a site account prior to May 1, 2014, and who received notification from ReverbNation (either via U.S. Mail or email), change their site passwords and passwords on any other platform which share their ReverbNation password immediately,” the statement said.
In the written notice, ReverbNation said that steps have been taken to further secure its system against breaches.