Hip-hop music industry heavyweight Empire Distribution, an independent record label, is now open to hackers.
The Cybernews investigation team found on February 4th, 2024, that Empire Distribution, an independent American record label, had misconfigured its systems and exposed its data to hackers.
The San Francisco-based label was established in 2010 and features a wide range of musical genres, including hip-hop, R&B, reggaeton, and reggae. Prominent musicians including Kendrick Lamar, Tyga, Iggy Azalea, Busta Rhymes, 50 Cent, and Snoop Dogg have collaborated with the label.
A publicly accessible environment file holding sensitive credentials is the source of the issue. Important configuration settings are kept in a text file called an environment file (.env). These settings frequently contain API keys, database access information, and other variables necessary for the application to run correctly. For this reason, granting access to the file must be secure.
Malicious actors might have compromised sensitive data including client information, financial records, or intellectual property by using the label’s compromised credentials to gain illegal access to Empire Distribution’s vital systems.
After contacting the company, Cybernews was able to get access to the credentials.
Leaked data included:
- JSON Web Token secret
- Mailgun API and domain
- SES key and secret
- Multiple database credentials
- Memcached server credentials
ONGOING INFORMATION CONTINUES 