Coachella Valley Music and Arts Festival has announced that information about users registered on its website (a process required to purchase tickets for the festival) has been digitally compromised. The below statement, emailed to account holders, was forwarded to Pitchfork. A representative for AEG, the company behind Coachella, confirmed that the statement is official. “We recently discovered that unauthorized third parties illegally gained access to the usernames, first and last names, shipping addresses, email addresses, phone numbers and dates of birth individuals provided to Coachella,” an email to account holders reads. “We have confirmed that no user passwords were stolen.” The statement follows a recent Motherboard report claiming that hacked Coachella account data was being sold on the dark web.
According to the statement, an investigation found that “no financial information was accessed.” The statement also says the festival has “taken measures to block further unauthorized access” and has reported the incident to the appropriate authorities. The statement continues:
Please be aware that you may be targeted by phishing emails sent from people impersonating Coachella personnel. Please remember that Coachella will never solicit personal information or account information from you via email. Please exercise caution if you receive any emails or phone calls that ask for such information, or direct you to web sites where you are asked for personal or financial information. Festival ticketing purchase accounts were not affected by this incident, however festival attendees may want to consider changing any passwords that they have shared with others.
However, according to Vice journalist, Joseph Cox, the data did included hashed passwords
Wait, so Coachella says no passwords were exposed (false), but still recommends people change their passwords
— Joseph Cox (@josephfcox) March 1, 2017