Radio and Music Social Networking Website

Disclaimer

We Leak Info did not take any part in breaching this website. Furthermore, we do not know the individual(s) who breached this website.

We Leak Info does not sell or trade databases. Please do not contact us about acquiring this data from us. We will ignore such requests.

We Leak Info does not give out information about our donors. We take the privacy of our users very seriously.

Journalists, researchers, news outlets, law enforcement, and the like can contact us through the methods listed below.

Anyone may use and cite any information on this page as long as proper credit is given to We Leak Info and a link is provided to the website.

Contact Methods:


Introduction

8tracks.com is an internet-based radio and music social networking website. The website was breached on June 27, 2017, affecting over 18 million users. On April 2, 2018, an anonymous user generously donated the data to We Leak Info. After we received the data, we verified the entries through Have I Been Pwned and samples we acquired over the months. After verifying the integrity of the data, we proceeded to parse and analyze it. Below are our findings.


What is We Leak Info?

We Leak Info is the world's fastest and largest data breach search engine. We help individuals secure themselves online by allowing them to verify if their password or email has been leaked. Unlike similar sites such as Have I Been Pwned, We Leak Info allows the user to view the raw results from the database.

We Leak Info is a freemium tool and provides free searches to everyone without registration. However, we require a small payment to view the raw results of a search. This goes towards maintaining expensive server fees and improving the service. Being the fastest data breach search engine on the market, each search takes a fraction of a millisecond. We currently hold over 8 billion records.


Accounts

Out of the 18 million users, 1,479 users did not have a hash or salt associated with their account. This is due to users signing in with third-party authentication services such as Google or Facebook. When signing in using a third-party service, the end party, 8tracks in this case, does not store the password.

We also noticed that not all users who had hashes also had salts. 47 users had hashes but were missing salts. We believe this is due to 8tracks, at one point, adding salts as part of their password encryption system. Hence, the 47 users who are missing salts are users that have not logged into the website since the password encryption system was updated.


Hashes

8tracks uses the SHA-1 hashing algorithm with salts. As mentioned before, some users are missing salts; however, this is a very small portion and does not significantly affect the data.

We were able to decrypt 94.22% of the hashes with our GPU cluster. The decrypted hashes have been uploaded to our hash API system.
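The login-time migration suggested in the Accounts section leaves dormant rows on the old scheme, because the upgrade only runs when the plaintext password is presented. The sketch below is an added example, not 8tracks' or We Leak Info's code. It shows that behaviour and a common defensive fix: wrapping the stored legacy digest in a salted slow KDF so no login is needed. The salt-then-password order, the record layout, the scheme names and the PBKDF2 parameters are all assumptions.

```python
import hashlib, hmac, os

ITERATIONS = 600_000  # assumed work factor for the PBKDF2 wrapper

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def pbkdf2_hex(secret: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS).hex()

def new_record(password: str) -> dict:
    """Salted SHA-1 as the page describes it; salt+password order is an assumption."""
    salt = os.urandom(16)
    return {"scheme": "sha1-salted", "salt": salt, "hash": sha1_hex(salt + password.encode())}

def candidate(record: dict, password: str) -> str:
    """Recompute the stored value for whichever scheme the record uses."""
    if record["scheme"] == "sha1":            # legacy row: hash, no salt
        return sha1_hex(password.encode())
    if record["scheme"] == "sha1-salted":
        return sha1_hex(record["salt"] + password.encode())
    # "pbkdf2-wrapped-sha1": slow KDF over the old unsalted SHA-1 hex digest
    return pbkdf2_hex(sha1_hex(password.encode()), record["salt"])

def login(record: dict, password: str) -> bool:
    """Verify, then migrate a legacy row; this only ever runs when the user logs in."""
    if not hmac.compare_digest(candidate(record, password), record["hash"]):
        return False
    if record["scheme"] == "sha1":
        record.update(new_record(password))
    return True

def wrap_dormant(record: dict) -> None:
    """Upgrade a legacy row with no login: feed the stored digest into a salted slow KDF."""
    if record["scheme"] == "sha1":
        salt = os.urandom(16)
        record.update(scheme="pbkdf2-wrapped-sha1", salt=salt,
                      hash=pbkdf2_hex(record["hash"], salt))

def demo() -> dict:
    # Constructed sample rows, not data from the breach.
    users = {name: {"scheme": "sha1", "salt": None, "hash": sha1_hex(pw.encode())}
             for name, pw in [("active", "correct horse"), ("dormant", "battery staple")]}
    login(users["active"], "correct horse")   # active user returns and is migrated
    before = users["dormant"]["scheme"]       # dormant row is still unsalted
    wrap_dormant(users["dormant"])
    return {"active": users["active"]["scheme"], "dormant_before": before,
            "dormant_after": users["dormant"]["scheme"],
            "dormant_can_login": login(users["dormant"], "battery staple")}
```

Running `wrap_dormant` as a batch job over every legacy row removes the dependence on users returning, so no unsalted fast hashes remain at rest.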


Emails

We found a total of 315,427 unique email domains. Since this list is too big, we have posted the top 20 email domains below. If any journalists, cybersecurity researchers, news outlets, and such wish to obtain the full list, they can do so by contacting us with the methods listed above.

Top 20 Email Domains:

  • Gmail.com: 6,801,289
  • Hotmail.com: 3,561,882
  • Yahoo.com: 2,063,848
  • Facebook.com: 1,030,912
  • Outlook.com: 655,729
  • Aol.com: 364,992
  • Live.com: 210,900
  • Hotmail.co.uk: 164,471
  • Icloud.com: 105,695
  • Comcast.net: 91,082
  • Ymail.com: 83,856
  • Msn.com: 80,334
  • Hotmail.fr: 79,901
  • Yahoo.co.uk: 78,639
  • Aim.com: 72,922
  • Me.com: 70,166
  • Mail.ru: 64,895
  • Live.ca: 54,029
  • Googlemail.com: 52,387

Conclusion

The 8tracks data is very valuable and is one that many do not have. We were very fortunate to be able to get our hands on it. We are still unsure as to why some of the salts were missing, as 8tracks didn't provide an explanation in their breach notification.

If any journalists, cybersecurity researchers, news outlets, and such wish to know more details about this data, feel free to contact us through the methods listed above.