The Desk appreciates the support of readers who purchase products or services through links on our website. Learn more...

TuneIn says some accounts may have been compromised

The company wasn't the victim of an attack, but said someone may have obtained usernames and passwords through other means.

The company wasn't the victim of an attack, but said someone may have obtained usernames and passwords through other means.

A live stream of KYSR-FM as it appears on the TuneIn app for Roku devices.
A live stream of KYSR-FM as it appears on the TuneIn app for Roku devices. (Graphic by The Desk)

Some users of the streaming audio platform TuneIn likely had their accounts compromised earlier this year after an unknown person or group attempted to gain unauthorized access to their profiles, according to a message sent to affected users and reviewed by The Desk.

The message was sent in mid-April to an unknown number of TuneIn streamers after the company discovered someone was using usernames and passwords to gain access to accounts between March 13 and March 18.

The ruse was discovered by TuneIn on March 15 when the company “detected an unusually large number of failed login attempts to customer accounts,” the notice read. TuneIn ultimately determined “an unauthorized third party had accessed a list of usernames and passwords…to successfully log into our customers’ accounts.”

TuneIn said its own systems were not compromised, and that the list of usernames and passwords likely originated from a cybersecurity incident affecting another company. The notice warned streamers who use the same name and password might also have their accounts compromised on other services.

After discovering the issue, TuneIn says it reset passwords on all affected accounts. The company also “implement[ed] rules to block traffic associated with this third party.”

In addition to the notice, TuneIn provided affected users with the phone numbers of the three major credit reporting bureaus — Experian, Equifax and TransUnion — along with information on how users can obtain a free copy of their credit report. The guidance also encouraged users who are the victims of identity theft to contact their state attorney general’s office and the Federal Trade Commission.

TuneIn offers access to thousands of free streaming radio stations, including most local AM and FM broadcast stations in the United States, as well as podcasts, audiobooks and simulcasts of cable news stations. The company is based in San Francisco.

Photo of author

About the Author:

Matthew Keys

Matthew Keys is an award-winning journalist with more than 10 years of experience covering the business of television and radio broadcasting, streaming services and the overall media industry. In addition to his work as publisher of The Desk, Matthew contributes regularly to StreamTV Insider and KnowTechie, and has worked for several well-known news organizations, including Thomson Reuters, McNaughton Newspapers, Grasswire, Comstock's magazine, KTXL-TV and KGO-TV. Matthew is a member of IRE, a trade organization for investigative reporters and editors, and is based in Northern California.

Email: [email protected] | Signal: 530-507-8380