Universal Music websites suffered a breach that exposed the usernames and passwords of fans of bands who had signed up for updates on their favourite musicians.
Infamous hacktivist group Anonymous claimed responsibility for the hack as part of its AntiSec campaign, which aims to expose the weak spots in the internet security of big firms and government organisations. The group released a cache of files stolen from Universal as well as similar data extracted from Viacom, the Wall Street Journal adds.
In an email sent to a Reg reader on Monday, Universal admitted that email addresses, passwords and user's real names were exposed by an attack on the website of British indie rock band The Klaxons. No financial or credit card details were exposed, it added.
The circumstances of the breach suggest that the music label had stored passwords in plain text. Universal apologised for the breach and urged customers to change their passwords all around, especially if they had used the exposed login credentials on other sites. It also warned users to be wary of follow-up phishing attacks. ®