Nearly one million user accounts for the Coachella Valley Music and Arts Festival website have been found for sale on the underground marketplace.
According to a recent report by Motherboard, the data available for purchase includes email addresses, usernames and hashed passwords.
The data trader, who identifies as ‘Berkut,’ wrote on the Tochka marketplace listing: “Coachella complete database dump from this month.”
The immensely popular multi-day concert is held annually in Indio, California, attracting close to 200,000 attendees in 2016.
In a sample of more than 10,000 accounts that Berkut provided the publication with, Motherboard found the data did not contain payment details.
“Motherboard verified the data by attempting to create new accounts on Coachella.com with 30 of the provided email addresses—every randomly selected address was already linked to a current account on the site,” said Motherboard reporter Joseph Cox.
Berkut noted that about 360,000 of the accounts relate to the main Coachella website, while another 590,000 correspond to the message board, which also include user IP addresses.
The publication said Coachella has not yet responded to its request for comments on the allegations.
“Even when doing something as trivial as signing up to a music festival website, we are constantly giving out personal data concerning ourselves,” added Cox.
“Once you’ve downloaded a password manager, the software can quickly and easily generate unique logins for any site you might use, meaning that when a random site you used months or years ago suffers a data breach, hackers won’t be able to do all that much with the stolen info,” he recommended.