Some users of the streaming audio platform TuneIn likely had their accounts compromised earlier this year after an unknown person or group attempted to gain unauthorized access to their profiles, according to a message sent to affected users and reviewed by The Desk.
The message was sent in mid-April to an unknown number of TuneIn streamers after the company discovered someone was using usernames and passwords to gain access to accounts between March 13 and March 18.
The ruse was discovered by TuneIn on March 15 when the company “detected an unusually large number of failed login attempts to customer accounts,” the notice read. TuneIn ultimately determined “an unauthorized third party had accessed a list of usernames and passwords…to successfully log into our customers’ accounts.”
TuneIn said its own systems were not compromised, and that the list of usernames and passwords likely originated from a cybersecurity incident affecting another company. The notice warned streamers who use the same name and password might also have their accounts compromised on other services.
After discovering the issue, TuneIn says it reset passwords on all affected accounts. The company also “implement[ed] rules to block traffic associated with this third party.”
In addition to the notice, TuneIn provided affected users with the phone numbers of the three major credit reporting bureaus — Experian, Equifax and TransUnion — along with information on how users can obtain a free copy of their credit report. The guidance also encouraged users who are the victims of identity theft to contact their state attorney general’s office and the Federal Trade Commission.
TuneIn offers access to thousands of free streaming radio stations, including most local AM and FM broadcast stations in the United States, as well as podcasts, audiobooks and simulcasts of cable news stations. The company is based in San Francisco.
