The sensitive information of some leading artists has been compromised in a data breach at the world's biggest online music marketplace. Reverb was breached after an unprotected database containing customer details was exposed online.
Reverb.com is an online marketplace for new, used, and vintage music equipment. David Kalt founded the website in 2013, shortly after acquiring Chicago Music Exchange, having been disappointed with the options then available for buying and selling guitars online. With more than 10 million monthly visitors and $47 million in revenue, it has grown into a multimillion-dollar company.
Reverb customers recently received data breach notices stating that customer details, comprising names, addresses, telephone numbers, and email addresses, had been leaked. Millions of the company's records were found on the web, on unprotected Elasticsearch servers, by independent cybersecurity advisor Volodymyr "Bob" Diachenko.
Although the notice from Reverb does not clarify how the data was disclosed, security researcher Bob Diachenko offers his own account of what happened. Diachenko says he found a publicly exposed Elasticsearch server that held over 5.6 million documents.
"To confirm my thought, I ran a quick check and was able to find several high-profile sellers' details, including Bill Ward of Black Sabbath, Jimmy Chamberlin of the Smashing Pumpkins, Alessandro Cortini of Nine Inch Nails and more," explained a report by Diachenko.
The researcher presumes that the records refer to sellers rather than visitors, given the size of the database and its layout. Targeted phishing attacks are the principal threat to users whose data has been exposed. These can arrive as e-mails, texts, or even phone calls. To convince victims to disclose additional information, including account usernames and passwords or payment details, scammers can pose as Reverb or a related business. The exposure of customer shopping IDs is a concern because they can be used to make fraudulent messages look legitimate.
One must bear in mind that cybercriminals may use information from other data exposures to learn more about potential targets. This can make phishing attempts particularly persuasive. Customers should watch for such messages and avoid opening links or attachments in unsolicited emails or texts.
If a security researcher could locate the database, a threat actor could also have found it while it was unprotected. It is therefore safer to presume that user information has been exposed and that users should be on the lookout for e-mails that make use of this information. Reverb is not resetting user passwords in response to this breach, since passwords were not exposed. Reverb further suggests that users reset their passwords regularly for increased protection.