ReverbNation 2014 Data Breach

ReverbNation Music Promotion Platform Breach (2014, Disclosed 2016): 7 Million User Email Addresses & Passwords Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Third-Party VendorEntertainment: MusicEmail AddressPassword
Low SeverityWebsite / service breach

ReverbNation Music Promotion Platform Breach (2014, Disclosed 2016): 7 Million User Email Addresses & Passwords Exposed

Music promotion and distribution platform.

Verified by ObscureIQ Intelligence
8/100Breach Risk Index
3Data Value
10Market Recency
3198dSince Breach

Breach Intelligence Summary

Entity: ReverbNation · Actor: Unknown · Sources: 5 references
Attack: Third-Party Vendor
Profile: Platform · Music promotion and artist tools · Creator services platform · Global
Timeline: Breach (2014-01-01) · Indexed (Oct 05, 2017) · Year (2014)
Exposure: 7.0M records · 2 fields: Email Address, Password
Status: Confirmed

Executive Summary

In January 2014, ReverbNation suffered a data breach that was not identified until September 2015. An individual illegally accessed a ReverbNation vendor’s systems and reached a backup of the user database, exposing over 7 million accounts. Confirmed-circulating data comprised email addresses and passwords stored as salted SHA-1 hashes. No credit-card data was accessed.

ObscureIQ assessment: The breach notification indicated names, addresses, phone numbers, and dates of birth may also have been accessed, but only email and hashed passwords are confirmed circulating; the broader PII is carried as latent worst-case.

Breach Impact

Salted SHA-1 slows but does not prevent recovery of weak passwords, exposing reused credentials to stuffing attacks; the musician-focused user base may face targeted phishing.

About ReverbNation

ReverbNation is an online platform that helps independent musicians and artists build their careers through promotion, distribution, and fan-engagement tools.

Why They Hold Your Data

Creator-service platforms collect artist identity, contact details, fan engagement records, music-promotion activity, account data, and payment-adjacent or subscription records across music-marketing workflows.

Recent Developments

ReverbNation notified users in 2015 after discovering the breach, and the individual responsible was later identified and charged.

Data Points Exposed

2 verified field types
Email Address
Password Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Moderate
Primary downstream threats:
  • Credential stuffing against reused passwords across other platforms
  • Targeted phishing campaigns using exposed email addresses
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Credential stuffing & account takeover

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the ReverbNation breach?

In January 2014, ReverbNation suffered a data breach that was not identified until September 2015. An individual illegally accessed a ReverbNation vendor’s systems and reached a backup of the user database, exposing over 7 million accounts. Confirmed-circulating data comprised email addresses and…

What data was exposed?

Verified fields include Email Address, Password.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
9ghz
Independent catalogue listing
Cross-source
BreachForums_Official_Index
Independent catalogue listing
Cross-source
Dehashed
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation