What surprised me wasn’t the breach itself, but a date in the first paragraph explaining what had happened:
“ReverbNation was recently contacted by law enforcement and alerted that an individual had illegally sought to gain unauthorized access to some of our customer’s user data. In January 2014, an individual, who has since been identified and charged, illegally accessed a ReverbNation vendor’s computer systems and ultimately gained unauthorized access to user information contained in a backup of our database.”
Really? January 2014???! That’s over one and a half years ago.
According to ReverbNation, no credit card data was compromised. However, “possibly other user information users provided to us, such as names, addresses, phone numbers, and/or dates of birth may have been accessed.”
Possibly? May have been???! There’s a trend here.
I’ve been a big fan of ReverbNation (ever since making my own musician profile there several years ago), but I am naturally skeptical that ReverbNation can be so sure about no credit card data being compromised at the same time it is so unsure about the status of names, addresses, phone numbers, and/or dates of birth.
This was a breach not detected until more than 18 months after it occurred – and not detected at all internally. It’s safe to assume that, had law enforcement not discovered the breach some other way and alerted ReverbNation to the situation, they might never have known. And neither would the site’s users.
How to Change Your ReverbNation Password
- Log in to reverbnation.com.
- From your Dashboard, click on your profile image in the top right of the screen.
- Select “Account.”
- Select “Change Password” in the top right of the screen.
- Enter the requested information, and click “Proceed.”
- You should immediately receive a ReverbNation email notifying you of the password change.
In closing, if you are part of a business that intends to have any customer information whatsoever stored through your website, you are not immune to attacks. So do something about it. Right now.