No Password, No Problem: How This PledgeMusic Bug Let Anyone Log in Without a Password
Some music sites allow fans to stream any song they want for a monthly fee, others create suggestions or radio stations based on taste, and some even create direct communication between musicians and their fan base. PledgeMusic facilitates the last of these, and it’s become a popular platform for artists and fans looking to connect. Unfortunately, a recently discovered security bug in PledgeMusic allowed practically anyone to connect with the platform, or more specifically, to log in to an account without needing a password.
The bug, which was accidentally discovered by a PledgeMusic user, allowed anyone to log in to an account with just an email address and did not require a password. So, if a cybercriminal knew—or guessed—your email correctly, they could log in to your account easily. The site itself contains limited personal data, but it does store credit card info, which means a cybercriminal could have made unauthorized payments and pledges to artists without a user’s consent. Not to mention, they could’ve simply snooped around your account and learned more about you that way.
Fortunately, the company said the issue has now been fixed. However, given this recent lapse in account security, it’s important that PledgeMusic users still take precautionary measures to secure their accounts and personal info. Here are a few pointers for doing just that:
- Change up your login info immediately. If there’s any potential risk that a cybercriminal may have been snooping around an account of yours, it’s always good practice to change up the login info immediately. That means using a different email, and creating a new and unique password. That way, if they do happen to have their hands on the original login info, they won’t be allowed back inside your account.
- Check your bank account. In the event that a cybercriminal was able to access your PledgeMusic account, they could potentially have gotten their hands on your financial info stored on the site. Therefore, it’s important to scan your bank account for any abnormal activity, so you can flag it to your bank and cancel cards if need be.
- Get educated. It can be challenging to secure against a vulnerability until a company patches the bug. So, when it comes to exploits, the best protection is education. By staying up-to-date on newly discovered bugs and vulnerabilities, you can know to change up your login info or avoid interacting with these vulnerable sites altogether.
The post No Password, No Problem: How This PledgeMusic Bug Let Anyone Log in Without a Password appeared first on McAfee Blogs.