The Desk appreciates the support of readers who purchase products or services through links on our website. Learn more...

TuneIn says some accounts may have been compromised

The company wasn't the victim of an attack, but said someone may have obtained usernames and passwords through other means.

The company wasn't the victim of an attack, but said someone may have obtained usernames and passwords through other means.

A live stream of KYSR-FM as it appears on the TuneIn app for Roku devices.
A live stream of KYSR-FM as it appears on the TuneIn app for Roku devices. (Graphic by The Desk)

Some users of the streaming audio platform TuneIn likely had their accounts compromised earlier this year after an unknown person or group attempted to gain unauthorized access to their profiles, according to a message sent to affected users and reviewed by The Desk.

The message was sent in mid-April to an unknown number of TuneIn streamers after the company discovered someone was using usernames and passwords to gain access to accounts between March 13 and March 18.

The ruse was discovered by TuneIn on March 15 when the company “detected an unusually large number of failed login attempts to customer accounts,” the notice read. TuneIn ultimately determined “an unauthorized third party had accessed a list of usernames and passwords…to successfully log into our customers’ accounts.”

TuneIn said its own systems were not compromised, and that the list of usernames and passwords likely originated from a cybersecurity incident affecting another company. The notice warned streamers who use the same name and password might also have their accounts compromised on other services.

After discovering the issue, TuneIn says it reset passwords on all affected accounts. The company also “implement[ed] rules to block traffic associated with this third party.”

In addition to the notice, TuneIn provided affected users with the phone numbers of the three major credit reporting bureaus — Experian, Equifax and TransUnion — along with information on how users can obtain a free copy of their credit report. The guidance also encouraged users who are the victims of identity theft to contact their state attorney general’s office and the Federal Trade Commission.

TuneIn offers access to thousands of free streaming radio stations, including most local AM and FM broadcast stations in the United States, as well as podcasts, audiobooks and simulcasts of cable news stations. The company is based in San Francisco.

Get stories like these in your inbox, plus free breaking news alerts on business and policy matters involving media and tech.

Get stories like these in your inbox, plus free breaking news alerts on business and policy matters involving media and tech.

Photo of author

About the Author:

Matthew Keys

Matthew Keys is a nationally-recognized, award-winning journalist who has covered the business of media, technology, radio and television for more than 11 years. He is the publisher of The Desk and contributes to Know Techie, Digital Content Next and StreamTV Insider. He previously worked for Thomson Reuters, the Walt Disney Company, McNaughton Newspapers and Tribune Broadcasting.
Home » News » Industries » Security » TuneIn says some accounts may have been compromised