‘Radio.com’ Announced Breach Which Exposed Sensitive User Data

• An undisclosed number of Radio.com users had their personal information exposed in a breach incident.
• The data was stored on the cloud as a backup, and it may have been kept in a plain-text form.
• The exposed individuals are advised to reset their passwords and monitor their bank account activity.

Entercom Communications Corp., the owner of the Radio.com platform, has announced a data breach that has exposed sensitive user data. More specifically, Entercom detected malicious activity on its networks in September 2019. Upon investigating the problem, they confirmed that someone had managed to access their cloud-hosted backup files database back in August 2019, and for approximately three hours. In this database, Entercom kept sensitive data of Radio.com users, who are now receiving the relevant notifications of a breach. The data that has been accessed by a third-party includes the names, usernames, passwords, Social Security numbers, and the driver’s license numbers of those registered at the service.

Radio.com is a free broadcast and internet radio platform that features over 235 radio stations from across the United States, thousands of podcasts, and a powerful "recommendations" system. It’s available on many devices and platforms, it's compatible with Amazon Alexa and Google Assistant, and is used by approximately 170 million people each month. If you are one of these individuals, you may call the toll-free assistance line at "(855) 359-3626" to ask for more information about what happened and what steps you should take from now on to protect yourself.

First and foremost, change your account password on Radio.com and on all other online platforms that you may be using the same credentials in order to protect against stuffing attacks. Secondly, you should monitor your bank account activity and credit reports closely, and immediately report any suspicious activity to your bank. If you want to take things a step further, you may request a security freeze on your account at no extra cost. Entercom also offers a free credit monitoring service for up to 12 months and has enclosed the required instructions on how to enroll in the distributed notices.

Entercom hasn’t clarified if the affected data was encrypted or not, although they should know better. Last September, Entercom fell victim to a hacker attack that resulted in a ransomware infection and the demand of half a million dollars. Then, in December, Entercom’s internal communications systems went offline as a result of yet another cyber-attack. Whether or not the recent announcement about the exposure of user data has anything to do with the previous attacks hasn’t been elucidated either, but there’s likely a connection here.