The popular radio and playlist streaming site 8tracks has been hacked loosing details of roughly 18 million accounts onto the Dark Web.

8track users will have to be careful in the coming weeks as the streaming site has fallen victim to a massive hack. Breach notification site LeakBase provided information to Motherboard on the hacked data and revealed that around 18 million accounts have been affected by the hack.

The accounts affected are currently being traded on the Dark Web after hackers gained around 6 million usernames, email addresses and hashed passwords. The passwords are hashed with an SHA1 algorithm, however that doesn’t mean hackers won’t find a way past to gain access to user’s passwords as well.

In a blog post, 8tracks said:

8tracks does not store passwords in a plain text format, but rather uses one-way hashes to ensure they remain difficult to access. These password hashes can only be decrypted using brute force attacks, which are expensive and time-consuming, even for one password.

We have found what we believe to be the method of the attack and taken precautions to ensure our databases are secure. 8tracks does not store sensitive customer data such as credit card numbers, phone numbers, or street addresses.

It’s currently thought that hackers gained access through an employee’s Github account that hadn’t been secured with two-factor authentication. Alarms were raised when Github reported an unauthorised password change to 8tracks. 8tracks believe that the hackers did not gain any further access into database or production servers.

Users who signed up to 8tracks using Google or Facebook are reportedly fine but users who signed up with their email face a giant risk currently. It is recommended that any 8tracks users change their password and take steps to make sure their account is protected. 8tracks also re-iterate the age-old “don’t use the same password on multiple sites” so… you might want to consider that.