The Desk appreciates the support of readers who purchase products or services through links on our website. Learn more...

TuneIn says some accounts may have been compromised

The company wasn't the victim of an attack, but said someone may have obtained usernames and passwords through other means.

The company wasn't the victim of an attack, but said someone may have obtained usernames and passwords through other means.

A live stream of KYSR-FM as it appears on the TuneIn app for Roku devices.
A live stream of KYSR-FM as it appears on the TuneIn app for Roku devices. (Graphic by The Desk)

Some users of the streaming audio platform TuneIn likely had their accounts compromised earlier this year after an unknown person or group attempted to gain unauthorized access to their profiles, according to a message sent to affected users and reviewed by The Desk.

The message was sent in mid-April to an unknown number of TuneIn streamers after the company discovered someone was using usernames and passwords to gain access to accounts between March 13 and March 18.

The ruse was discovered by TuneIn on March 15 when the company “detected an unusually large number of failed login attempts to customer accounts,” the notice read. TuneIn ultimately determined “an unauthorized third party had accessed a list of usernames and passwords…to successfully log into our customers’ accounts.”

TuneIn said its own systems were not compromised, and that the list of usernames and passwords likely originated from a cybersecurity incident affecting another company. The notice warned streamers who use the same name and password might also have their accounts compromised on other services.

After discovering the issue, TuneIn says it reset passwords on all affected accounts. The company also “implement[ed] rules to block traffic associated with this third party.”

In addition to the notice, TuneIn provided affected users with the phone numbers of the three major credit reporting bureaus — Experian, Equifax and TransUnion — along with information on how users can obtain a free copy of their credit report. The guidance also encouraged users who are the victims of identity theft to contact their state attorney general’s office and the Federal Trade Commission.

TuneIn offers access to thousands of free streaming radio stations, including most local AM and FM broadcast stations in the United States, as well as podcasts, audiobooks and simulcasts of cable news stations. The company is based in San Francisco.

Photo of author

About the Author:

Matthew Keys

Matthew Keys is the publisher of The Desk and reports on the business and policy matters involving the broadcast television, streaming video and radio industries. He previously worked for Thomson Reuters, Disney-ABC, Tribune Broadcasting and McNaughton Newspapers. Matthew is based in Northern California, has won numerous awards in the field of journalism, and is a member of IRE (Investigative Reporters and Editors).