Internet radio service 8tracks founder and CEO, David Porter, has acknowledged that the company was hacked.

He claims that no financial data, phone numbers or postal addresses were exposed, however, email addresses and hashed and salted passwords were stolen.

Porter stated: “Passwords on 8tracks are hashed and salted, meaning that even we can’t tell you what your password is by looking at the database.”

“Although the decryption of one particular user’s password through brute-force techniques is unlikely, we recommend that users change their password on 8tracks and any sites on which they may have used the same password to ensure their personal security.”

Porter is urging users to change their passwords as well as those same passwords being used on other sites.

The reported hack has compromised 18 million users.

The hack was traced back to one employee who did not use 2FA on their GitHub account.

“We have secured the account in question, changed passwords for our storage systems, and added access logging to our backup system. We are auditing all our security practices and have already taken steps to enforce 2-step authentication on GitHub, to limit access to repositories, and to improve our password encryption.”

Source: Info Security