Music streaming provider 8tracks suffered a significant data breach that exposed millions of consumer credentials.
An employee appears to have mistakenly exposed 18 million user accounts, which led to the leak.
The employee wasn't using two-factor authentication, which suggests that the GitHub repository's lack of security was the main contributor to the hack.
8tracks has confirmed that the investigation into the illegal password change attempt is still ongoing.
Source: https://securityaffairs.com/60556/data-breach/8tracks-data-leak.html
TPRM report: https://scoringcyber.rankiteo.com/company/8tracks
{
  "id": "8tr34191223",
  "linkid": "8tracks",
  "type": "Breach",
  "date": "06/2017",
  "severity": "60",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'customers_affected': '18 million',
'industry': 'Music Streaming',
'name': '8tracks',
'type': 'Company'}],
'attack_vector': 'Misconfigured GitHub Repository',
'data_breach': {'number_of_records_exposed': '18 million',
'type_of_data_compromised': ['User credentials']},
'description': 'A significant data breach that exposed millions of consumer '
'credentials hit music streaming provider 8tracks. An employee '
'appears to have mistakenly exposed 18 million user accounts, '
"which is what led to the leak. The employee wasn't using "
'two-factor authentication, which suggests that the GitHub '
"repository's lack of security was the main contributor to the "
'hack. The investigation into the illegal password change '
'attempt is still ongoing, as confirmed by 8Tracks.',
'impact': {'data_compromised': ['18 million user accounts']},
'initial_access_broker': {'entry_point': 'Misconfigured GitHub Repository'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'root_causes': 'Lack of two-factor authentication'},
'title': 'Data Breach Exposes Millions of Consumer Credentials at 8tracks',
'type': 'Data Breach',
'vulnerability_exploited': 'Lack of two-factor authentication'}