Cyber Incident Victim: ReverbNation
Date:
Dec 2020
Location:
United States of America
Summary
Reverbnation.com was among 26 companies affected by a data breach involving stolen user records marketed by a broker on hacker forums. The incident exposed approximately 7.8 million user records from the platform, which had been previously disclosed as part of a larger set of compromised databases. The breach occurred through unauthorized access to user databases, consistent with broader patterns of threat actors targeting multiple organizations to aggregate and sell stolen data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In December 2020, a data breach broker advertised stolen user records from 26 companies on a hacker forum, totaling 368.8 million records. Among these was ReverbNation.com, with 7.8 million user records listed for sale. The broker’s post indicated ReverbNation’s breach had been previously disclosed, linking to an earlier BleepingComputer report about a separate incident involving 550 million records sold in May 2020. This placement in the broker’s catalog confirmed ReverbNation’s data was part of a broader series of breaches marketed by threat actors. The dataset’s inclusion alongside companies like Teespring, MyON, and Fotolog suggested it was obtained through similar infiltration methods, though no technical specifics about ReverbNation’s compromise were disclosed in the December 2020 article. The broker did not specify pricing for ReverbNation’s data, unlike Teespring ($3,800–$4,000) or MyON ($2,800), indicating variable demand based on perceived value or freshness.
BleepingComputer’s investigation confirmed ReverbNation’s breach was not newly discovered, as it referenced prior reporting. No direct statement from ReverbNation was included in the article, unlike responses from MyON (confirming a breach but downplaying student data exposure) or Chqbook (denying a breach outright). The article noted that historically, such broker listings proved legitimate, with companies often disclosing breaches after public exposure. Impacts for ReverbNation users likely included credential-based risks, as samples from other breached companies contained login names, hashed passwords, and personal identifiers. The broader incident involved 18 previously disclosed breaches and 8 new ones, with ReverbNation categorized among the former. No remediation steps or forensic findings specific to ReverbNation were detailed, though the article universally advised password resets for all affected platforms. The broker’s activities highlighted ongoing challenges in containing resale of exfiltrated data even after initial breach disclosures.