TuneCore Hacked, Millions of Musicians' Information Compromised

Computer Hack
Getty Images

TuneCore now has something in common with Sony Pictures, Home Depot, United Postal Service and the U.S. State Department: it got hacked. The digital distributor revealed Friday it was the target of a security breach that compromised some of its customers' personal information and since has been working with a cybersecurity firm as well as federal authorities.

Although no music files were compromised, TuneCore says the hackers may have stolen names, email addresses, mailing addresses, account numbers and passwords that were stored in protected form. Although TuneCore customers' full financial information is never stored, the hackers may have obtained its customers' billing addresses and the addresses of banks on file, as well as the last 4 digits of credit card numbers, bank account numbers and bank routing numbers.

A TuneCore spokesperson told Billboard that they use a third party payment vendor to process credit card and banking transactions. "Based on our investigation, this process with our third party vendor was not compromised in the attack," they said.

Security breaches have become commonplace as more business takes place online. Mike McConnell, a former director of the National Security Agency, said in March that Chinese hackers "have penetrated every major corporation of any consequence in the United States," a possibly exaggerated claim that still underscores the preponderance of hacks that take place every year.

Tens of millions of U.S. consumers can related to TuneCore customers. A 2014 Pew Research Center survey found 21 percent of Internet users had an online account compromised and 18 percent had lost personal information. TuneCore has recommended its customers change their passwords, review their bank statements and monitor their credit.

While security breaches are widespread they are less common in music and entertainment. The most notable hacks of entertainment companies were Sony Pictures and Sony Entertainment. Both events were costly embarrassments for both companies and parent company Sony Corp.

The Sony PlayStation Network hack in 2011 compromised the account information of 77 million account holders and cost the company $172 million that year alone.

Three years later, hackers broke into Sony Pictures. Believing North Korean government was behind the attach, Sony Pictures ending up pulling from theaters the James Franco-Seth Rogan film "The Interview," a satire about two journalists that travel to North Korea to interview its leader, Kim Jong-Il. The hackers later leaked over 30,000 emails, revealing embarrassing details about the company's internal workings.

The previous hack in digital music occurred in January 2014 when a hacker illegally accessed the system of a ReverbNation vendor and gained access to customer information. As with the TuneCore hack, no credit card information was obtained in the ReverbNation incident. 

UPDATE 11/8: This article has updated with a comment from a TuneCore spokesperson.


The Biz premium subscriber content has moved to Billboard.com/business.

To simplify subscriber access, we have temporarily disabled the password requirement.