Warner Music was hacked; customers’ personal and financial data leaked

Data breach incidents continue to affect large companies around the world. On this occasion, it has been revealed that Warner Music Group suffered a data breach that compromised the personal and financial information of thousands of customers after some of its e-commerce sites were attacked by a group of hackers, allegedly Magecart operators.

WMG is one of the most important record companies in the world, with almost 4,000 employees and a presence in 70 countries through a huge chain of subsidiary and affiliated companies, so this is a relevant incident for thousands or even millions of people.

This company also owns Warner Chappell Music and some of the world’s most successful record labels, including Elektra, Warner Records, Atlantic, Warner Classics, Parlophone, Warner Music Nashville, among many other brands.

In its incident report, the company mentions that it involves multiple of its commercial websites, operated through a third-party company. Malicious hackers could have accessed the personal information and financial details that users enter on these sites.

“On August 5, we were notified that an unauthorized third party compromised some of our e-commerce websites operated by U.S.-based third-party vendors,” mentions the report the company sent to potentially affected users. Improper access would have occurred between 25 April and 5 August this year.

WMG goes on to mention that the unauthorized actor managed to access a copy of the data recorded on these sites and, although the company has not confirmed that this data has been extracted from the websites, the possibility that the information may be used for malicious purposes such as phishing attacks, bank fraud, among other crimes is not ruled out.    

User data compromised during the incident includes details such as:

  • Full names
  • Email addresses
  • Phone numbers
  • Billing address
  • Payment card details
    • Card number
    • Expiration date
    • Security key  

It appears that payment information on exposed sites made through PayPal was not compromised.

WMG executives have not provided further details about the type of attack the company was targeted for, although cybersecurity experts mention that the mode of operation used in this incident is identical to that of Magecart attacks. These attacks are based on injecting malicious scripts into JavaScript-based websites in order to extract information, mainly financial details.