Coachella Fans' Personal Data Was Just Stolen in a Massive Website Hack

The Coachella Valley Music and Arts Festival is nearing its return next month, and the bacchanal promptly sold out in 40 minutes. 

Unfortunately, people with accounts on the festival’s website were subject to a large data hack yesterday. The data breach compromised customer “usernames, first and last names, shipping addresses, email addresses, phone numbers and dates of birth" according to a statement from the festival’s parent company, AEG. One partial silver lining: no passwords were stolen in the hack. 

Not all festival-goers were affected. Maintaining an account on Coachella.com isn’t part of the ticket-purchasing process, but rather a way for attendees to use the festival’s message boards, customize their lineup and discuss other things related to the weekend. Although there’s no official word on how many accounts were compromised, a spokesperson for AEG told Billboard that the attack is currently being investigated. All “unauthorized third-parties” have been blocked from accessing the site, per the spokesperson.

Last week, a striking report in Motherboard detailed a data-trader who claimed to be selling 95,000 Coachella user accounts on the dark web. None of the pilfered data in this instance included financial information, and at least a few of the accounts were created several years ago.

Festival organizers surmise that yesterday's event was part of an attempted phishing scam. The company’s statement reads:

“Please be aware that you may be targeted by phishing emails sent from people impersonating Coachella personnel. Please remember that Coachella will never solicit personal information or account information from you via email. Please exercise caution if you receive any emails or phone calls that ask for such information, or direct you to websites where you are asked for personal or financial information. Festival ticketing purchase accounts were not affected by this incident, however festival attendees may want to consider changing any passwords that they have shared with others.”

This year’s lineup includes Lady Gaga, Kendrick Lamar and Radiohead -- all of whom probably store their information on secure devices.

Sign up here for our daily Thrillist email, and get your fix of the best in food/drink/fun.

Sam Blum is a News Staff Writer for Thrillist. He's also a martial arts and music nerd who appreciates a fine sandwich and cute dogs. Find his clips in The Guardian, Rolling Stone, The A.V. Club and Vice. He's on Twitter @Blumnessmonster.