No Password, No Problem: How This PledgeMusic Bug Let Anyone Log in Without a Password

Some music sites allow fans to stream any song they want for a monthly fee, others create suggestions or radio stations based on taste, and some even create direct communication between musicians and their fan base. PledgeMusic does the last of these, and it’s become a popular platform for artists and fans looking to connect. Unfortunately, a recently discovered security bug in PledgeMusic allowed practically anyone to connect with the platform, or more specifically, to log in to an account without needing a password.

The bug, which was accidentally discovered by a PledgeMusic user, allowed anyone to log in to an account with just an email address and did not require a password. So, if a cybercriminal knew—or guessed—your email correctly, they could log in to your account easily. The site itself contains limited personal data, but it does store credit card info, which means a cybercriminal could have made unauthorized payments and pledges to artists without a user’s consent. Not to mention, they could’ve simply snooped around your account and learned more about you that way.

Fortunately, the company said the issue has now been fixed. However, with the site’s account security recently shaky, it’s important that PledgeMusic users still take precautionary measures to secure their accounts and their personal info. Here are a few pointers for doing just that:

  • Change up your login info immediately. If there’s any potential risk that a cybercriminal may have been snooping around an account of yours, it’s always good practice to change up the login info immediately. That means using a different email, and creating a new and unique password. That way, if they do happen to have their hands on the original login info, they won’t be allowed back inside your account. 
  • Check your bank account. If a cybercriminal was able to access your PledgeMusic account, they could potentially have gotten their hands on your financial info stored on the site. Therefore, it’s important to scan your bank account for any abnormal activity so that you can flag it to your bank and cancel cards if need be.
  • Get educated. It can be challenging to secure against a vulnerability until a company patches the bug. So, when it comes to exploits, the best protection is education. By staying up-to-date on newly discovered bugs and vulnerabilities, you can know to change up your login info or avoid interacting with these vulnerable sites altogether.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, ‘Like’ us on Facebook, and listen to our new podcast “Hackable?”
