A Day After Coachella Database Is Hacked, Lady Gaga Announced To Replace Beyoncé
Gaga tweeted the news Tuesday: "Let's party in the desert!" After Beyoncé cancelled her performance due to her pregnancy with twins, secondary ticket prices reportedly dipped over 10 percent for the annual desert festival, which takes place April 14-16 and April 21-23.
It wasn't the only news involving Coachella this week. In an email to those with user accounts on its website, festival officials "recently discovered that third parties illegally gained access to the usernames, first and last names, shipping addresses, email addresses, phone numbers and dates of birth individuals provided." No passwords or financial information was stolen, according to the statement.
The hack was first reported last week by Motherboard, which pointed out that some 950,000 accounts — the majority for Coachella's message board — were being sold on the dark web, including hashed (or encrypted) passwords. A request for clarification from Goldenvoice on whether passwords were or were not stolen referred NPR back to the statement the company issued, in full below.
Neither Coachella, its owner Goldenvoice, or Goldenvoice's owner AEG addressed the hack on social media or coachella.com.
Even if passwords weren't accessed during the hack, account holders' email addresses could be targeted with phishing emails that appear as if they're from Coachella. The same method, called "spear phishing," resulted in the hack of Hillary Clinton's presidential campaign chairman John Podesta.
Their statement in full:
We recently discovered that unauthorized third parties illegally gained access to the usernames, first and last names, shipping addresses, email addresses, phone numbers and dates of birth individuals provided to Coachella. We have confirmed that no user passwords were stolen.
Based on our investigation, no financial information was accessed and, there is no indication that customer financial information has been disclosed.
We have taken measures to block further unauthorized access, and reported the matter to the appropriate authorities for further investigation.
We regret any inconvenience this incident may have caused.
If you have any questions, please contact firstname.lastname@example.org. Please be aware that you may be targeted by phishing emails sent from people impersonating Coachella personnel. Please remember that Coachella will never solicit personal information or account information from you via email. Please exercise caution if you receive any emails or phone calls that ask for such information, or direct you to web sites where you are asked for personal or financial information. Festival ticketing purchase accounts were not affected by this incident, however festival attendees may want to consider changing any passwords that they have shared with others.
Updated, 12:49 p.m., Mar. 1: This article was updated to include Coachella's full statement on the hack and its response to questions on whether passwords were included as part of it.
Copyright 2021 NPR. To see more, visit https://www.npr.org.