Coachella music festival goers are being urged to change their passwords. Allegedly, more than 950,000 user accounts associated with the Coachella music festival are being sold on the dark web. The database dump is said to include usernames, hashed passwords and email addresses, but no payment data.

The company behind Coachella, AEG confirmed the news saying, "We recently discovered that unauthorized third parties illegally gained access to the usernames, first and last names, shipping addresses, email addresses, phone numbers and dates of birth individuals provided to Coachella.”

Users were informed of the hack by email which also stated, “We have confirmed that no user passwords were stolen.” While it is technically true that no passwords were stolen in the breach, hackers were still able to steal password hashes. A hash is created after a password is run through a cryptographic routine and from there skilled hackers can reverse the process to see the actual password. This is why everyone who ever attended Coachella, and those planning on attending the upcoming festival, are being encouraged to change their passwords, especially those who use the same password across multiple websites.

Festival goers should also be on the lookout for phishing scams, as their email accounts or phone numbers may now be targeted. In a statement released by Coachella they remind attendees that Coachella will never use email to obtain personal or account information or direct you to other websites that request such information.

Besides being asked for personal or financial information, there are many more things to watch out for to avoid a phishing scam. Read emails carefully, generally emails with phishing scams will contain spelling or grammatical errors. It’s a safe bet the staff of Coachella wouldn’t be sending out emails with multiple typos.



Be especially cautions of URLs embedded into any emails you receive. Oftentimes phishing emails will contain a URL that at first glance appears to be valid, but when you hover your mouse over top of the URL, you’ll see the actual hyperlinked address.

Of course there is a possibility that no one will ever attempt to retrieve your password from the recent Coachella database breach, but it’s better to be cautious and protect your personal information. If you have ever created an account on the Coachella website, remember to change your passwords and be on the lookout for phishing scams when receiving emails.

Do you wonder how to keep your business safe from cyberattacks like the Coachella incident? Contact us to learn more about keeping  your customers' information safe.