State Champ Radio hacking
A superfan accused of hacking Kelsea Ballerini and leaking her unreleased music has reached an agreement with the star’s lawyers not to share her songs with anyone else — and to name any people he’s already sent them to.
Just a week after Ballerini sued Bo Ewing over accusations that he illegally accessed her unfinished album and shared it with members of a fan club, attorneys for both sides said Wednesday (April 24) that they have agreed on a preliminary injunction against Ewing that will remain in place as the case plays out.
Under the terms of the injunction to which his lawyers agreed, Ewing is not only banned from disseminating any of Ballerini’s materials, he’s required to divulge who he has already shared them with and how he came into possession of her music.
Trending on Billboard
“Defendant shall, within thirty days of entry of this order, provide plaintiffs with the names and contact information for all people to whom defendant disseminated the recordings,” the agreement reads. “Defendant shall use his best efforts to disclose to Plaintiffs from whom and by what means he obtained the recordings.”
The agreement avoids a court battle over such an injunction, which Ballerini’s attorneys were asking a federal judge to impose regardless of Ewing’s cooperation. In doing so, they warned that the hack had caused “immediate and ongoing harm” that would get far worse if Ewing was allowed to widely release the allegedly leaked songs online.
“The most critical time for an album’s success is its initial release date,” Ballerini’s attorneys wrote in a motion demanding such an injunction. “Hacks like this substantially diminish both performers’ and labels’ ability to realize the full benefits of the release because the work is already available for download, for free, at the time of the official release.”
Ballerini sued last week, claiming that Ewing — allegedly a former fan who had become disillusioned with the star — had gained illegal “back-door access” to a device holding recordings of 12 songs still in production. Her lawyers say he then shared them with members of an online fan club.
“Because the recordings are not the completed master, the songs are not final and are subject to revision,” her lawyers wrote. “Ms. Ballerini and her team are the only people who can say when the recordings are complete. Defendant’s actions have stripped plaintiffs of that right and caused the distribution of unfinished work that may not yet be up to plaintiffs’ high professional standards.”
Almost immediately, the federal judge overseeing the case issued a so-called temporary restraining order — an emergency order that banned Ewing from sharing any of Ballerini’s materials. That order set the stage for a longer-term preliminary injunction, which both sides were set to debate at a hearing on Thursday (April 25).
Instead, Ewing’s attorneys struck Wednesday’s deal accepting such an injunction. Judge Waverly D. Crenshaw Jr. signed off on the agreement on Thursday. Neither side’s lawyers immediately returned requests for comment.
HipHopWired Featured Video
Source: Smith Collection/Gado / Getty / 23andMe
Nothing is safe from hackers on the web, not even the information 23andMe.
Spotted on The Verge, genetic testing and analysis company 23andMe announced on its blog site Friday, October 6, that hackers stole user data and is currently making its rounds on forums on the dark web.
According to the website, hackers utilized recycled logins to access the compromised accounts.
Another website, BleepingComputer, reports that a hacker dropped “1 million lines of data” for Ashkenazi Jewish people and was being sold for $1 – $10 per account.
The stolen data includes users’ names, profile photos, genetic ancestry results, date of birth, and geographical location. 23andMe confirmed the bad news to both websites.
Per The Verge:
The company confirmed to BleepingComputer that the data is legitimate in a statement it also shared in an email to The Verge. In the statement, 23andMe managing editor Scott Hadly wrote that “the preliminary results of this investigation suggest that the login credentials used in these access attempts may have been gathered by a threat actor from data leaked during incidents involving other online platforms where users have recycled login credentials.” He added that there was no indication of “a security incident within our systems.” BleepingComputer reports other users’ data was scraped using one of 23andMe’s own opt-in features, called ‘DNA Relatives”
In 23andMe’s blog post, there are instructions for users to reset their password and set up multi-factor authentication.
There is also a link to the company’s privacy and security checkup page while also directing users to its support team’s email if they need further assistance.
More Than 7 Million Accounts Were Affected
A PCMag report indicates that more than 7 million accounts might be in the sale getting their information from a Dark Web Informer post that included a screenshot from the now-deleted hacker forum post.
23andMe’s CEO Allegedly Knew About The Hack Two Months Prior
In a damning report from ArsTechnia, hackers claimed that 23andMe’s CEO was well aware of the stolen data two months ago but opted to keep quiet about it.
23andMe has spoken about the hack on its official X account, claiming it has conducted an investigation but has “not identified any unauthorized access” to its systems.
Yikes.
If you have been on the fence about giving your info to 23andMe, this news will keep you away.
—
Photo: Smith Collection/Gado / Getty
Executives at one of the largest independent ticketing companies in North America believe malware hidden inside a tracking pixel used for sending customers target advertisements was the source of two-and-a-half-year credit card skimming operation.
Company officials with See Tickets North America, a subsidiary of French entertainment conglomerate Vivendi, tell Billboard that criminals were able to operate a sophisticated credit card skimming fraud on See Tickets checkout pages. While See Tickets officials didn’t detail which events were impacted, the company is one of the largest ticketing sites for indie promoters in North America with clients that include Pitchfork Festival and Disco Donnie Presents’ Freaky Deaky festival, as well as venues like the Troubadour in West Hollywood, California.
Tracking pixels are typically used to identify customers and share information about the consumer with ad networks and other large technology companies. One popular use of tracking pixels in the events business is to serve ads to fans who visited a music festivals website but did not purchase tickets, in hopes of enticing them to make a purchase.
Company officials believe that an exploit in the pixel See Tickets was using allowed criminals to take snap shots of credit card transactions as they happened without having to break into See Tickets system or database. The malicious code first appeared on the site on June 25, 2019, about nine months before the COVID-19 pandemic forced the shutdown of the live entertainment industry.
“At See Tickets we take securing customer information very seriously and deeply regret this incident occurred,” Boris Patronoff, CEO of See Tickets North America, told Billboard in a statement. “We also understand how this may have negatively impacted on our clients and their customers. We conducted an immediate investigation as soon as the issue was discovered and communicated with clients and customers the moment it was possible to do so. We have since taken additional measures to further strengthen our security,.”
Company officials became aware of the security breach in April 2021 after being contacted by credit card investigators looking at fraudulent charges linked to purchases on See Tickets website site. Within days of being notified, the ticketing company hired two forensic investigation teams to investigate the breach. In January of this year, the malicious code was eradicated from the site.
Last month, See Tickets concluded its investigation and began notifying state law enforcement officials with the details of the breach. While See Tickets’ own customer and promoter data was not accessed during the breach, criminals were able to obtain details from credit card transactions including full name, address, card number, expiration date and CVV.
See Tickets says a majority of ticket buyers who used the site were not impacted by the breach and note that social security numbers, state identification numbers and bank account information was not exposed due to this incident, as they are not stored in its systems.
The breach is the second major hack of a ticketing company in five years. In 2018, hackers briefly took over the Ticketfly home page and took parts of the company offline for months grinding much of the independent music industry to a halt. Ticketfly users and client data were stolen during the attack and wound up on the dark web because of the attack.
-
Pages
