Music Industry on High Alert as Tunecore Gets Hacked


Updated: Monday, 12/7 9:00 am PT: Tunecore offers an official statement on the hack (updated below).

Security breaches are sadly becoming routine these days, though hacks are suddenly spiking in the music industry.  On Friday, Tunecore became the latest to suffer a breach, though the exact nature of the damage remains uncertain.  Initial correspondence from CEO Scott Ackerman started late Friday night and into Saturday morning, with an official statement now released to Digital Music News:

A recent data breach may have resulted in unauthorized access to some of our customers’ personal data and account information. TuneCore takes data security very seriously, especially the security of our customers’ personal information.



TuneCore already had in place a number of security measures, including: manual review of all requests for payment, restricting access to our main website and protecting account passwords. We are actively working with law enforcement to investigate this unlawful act, and we have retained a leading cybersecurity firm to help prevent this from happening again. We are also working to further enhance our network and software security, and will continue to do so in the weeks and months ahead.


TuneCore greatly values our customers and respects the privacy of their information. Any customers with additional questions can refer to this FAQ page.

The actual fallout could take weeks or months to understand, though Tunecore appears to be playing tight defense.  Among the potentially stolen data are customer names, addresses, email addresses, account numbers, and passwords, according to Ackerman, though no mention of credit card numbers has been made.  Unfortunately, this damage can easily ripple beyond Tunecore, with hackers using passwords to break into other accounts that employ the same login credentials.

In response, Tunecore has already invalidated passwords, and other measures are certainly being taken.  Thankfully, Tunecore is giving its users the bad news in a straightforward fashion, a smart hedge against potentially more serious issues ahead.  “It is possible for a determined hacker with sufficient time, using advanced computing tools, to recover those passwords,” Ackerman noted.

The unfortunate breach follows cracks at Spotify, Patreon, and Songkick in recent months, among others.  In the case of Songkick, an overwhelming level of demand for Adele tickets led to some strange mishaps, including the display of other fans’ ticketing purchases.  “At no time was anyone able to access another person’s password, nor their payment or credit card details (which are not retained by Songkick),” the company told the BBC.

In the other cases, the damage seems to be contained, though none of that is especially reassuring to affected users.

Cover image by Leo Grübler, licensed under Creative Commons Attribution 2.0 Generic (CC BY 2.0).

9 Responses

  1. Anon

    Maybe someone should hack all these aggregators and see if they cook the books or not on payouts.

    • a_troll

      I’ve wondered about this, but could never dream up the methods they’d use to shortchange their customers. Perhaps some of the more devious readers could brainstorm out loud here.

      • aaron davis

        well, they could say you had 800 streams in a month when you actually had 1,000. for services outside of spotify with no public play counts, there would really be no way to prove it otherwise. that’s why EVERY service should have public play counts. i’m looking at you tidal!

        • Anon

          No one cares about streams, only downloads matter.

          But yes, I’m pretty sure that’s what they do – claim you had less downloads than you did.

          • James

            I get paid way more for streams than downloads. Stop talking out your ass.

  2. FreeCiaGra

    Hackers have small penises and are very tormented because of that; it’s a proven fact. Perhaps if there was a free penis-enlargement program offered to any hacker that asks for it (this could be funded by IT security departments of big companies), we would immediately see the number of illegal hacking going down as a consequence.