Goldenvoice sent out an email to its users last night warning that a database holding some of their personal information had been hacked. First reported on Vice’s Motherboard, the stolen information contained most user account names, email addresses and shipping information. While no financial information was compromised, the hack represents a serious security setback for the festival promoter. Yesterday Goldenvoice officials sent out this email to ticket buyers notifying them of the breach.

So what’s going on here? Below we answer five questions on the Coachella hack you were afraid to ask.

What exactly was hacked?

According to AEG, hackers were able to breach a CRM-type database that fans can use to explore Coachella’s lineup and chat with other fans on the Coachella message board. This database is different from the Gingerbread ticketing system Goldenvoice uses for Coachella — that system uses a separate login and credential system from the stolen Coachella.com database.

So what was taken? According to AEG, “usernames, first and last names, shipping addresses, email addresses, phone numbers and dates of birth individuals,” were compromised, but “we have confirmed that no user passwords were stolen.” Financial information like credit card information was not compromised in the attack.

What should Coachella fans do?

They probably don’t need to do anything, besides stay alert for phishing scams and other illegal activities.  Coachella officials told users they should “consider changing any passwords that they have shared with others.”

Yeah…and going forward, don’t share your passwords. Watch out for suspicious emails that ask you to login to your account to verify information. Opt for double-verification settings on Gmail and Facebook and use a password vault like LastPass to store your passwords.

What can hackers do with the Coachella information they obtained?  Not much — the personal details stolen aren’t that different than the marketing lists companies sell and trade. In fact, the information is really only valuable to other festival promoters and event organizers, although purchasing the information and using it for marketing would be incredibly stupid and illegal.

Who stole the data?

According to Vice, a hacker using the handle @berkut on the dark website Tochka is taking credit and was attempting to peddle the database for $300. Using a Tor browser, we created an account on Tochka and checked out Berkut’s profile — he was no longer selling the Coachella data, but he was trying to sell a stolen database for an ecommerce site based in Mumbai, India. He was also selling a stolen database from  policeone.com, a news and message site for law enforcement officials.

PoliceOne acknowledged the attack on their site, posting on Feb. 7 that they had been “notified that the content of our PoliceOne Forum was the subject of unauthorized access and acquisition. The incident occurred in our forums, which are run on third-party software and are entirely separate from our main PoliceOne member database and other systems, which have not been compromised.”

Sites selling hacked databases are a big part of the dark web, which is essentially a network of sites that can only be accessed through a virtual private network and a special web browser. It only takes a very basic knowledge of the internet to hop on and browse sites selling stolen information, weapons and lots of drugs.

Wait did you just say I could buy drugs?

Totally dude…and if you order now, it can be here in time for Coachella!

Prices are listed in US Dollars but you have to pay with the Bitcoin cryptocurrency. Just a few words of caution. First, if you do decide to buy drugs online, you’re breaking a number of federal laws — possession of a controlled substance, drug trafficking, and potential mail fraud. Also, there’s the very real possibility that the site will get busted and your address and order history might end up on some DEA Agent’s desk.

When in doubt, just say no. Drugs are bad. M’kay?

Did Putin order Berkut to hack Coachella?

Maybe. We’re not saying he did, but we’re also not saying he didn’t.

Why would Putin want to mess with Goldenvoice? Hmmmmmmm………….

Dave Brooks
Follow Me

Dave Brooks

Founder & Executive Editor at Amplify Media
Dave Brooks has over 15 years experience as a writer, including eight years as the Managing Editor of Venues Today. He started Amplify in 2014 to give the industry its own voice and turn up the volume on live entertainment.
Dave Brooks
Follow Me

Encana