
Joan Jett’s BlackHeart Records Data Leak


05 / 12 / 2016

Joan Jett’s BlackHeart Records leaks thousands of files online including unreleased music, personal photos, social security numbers, and much more

This week, legendary rocker and Rock and Roll Hall of Fame member Joan Jett had an unfortunate reminder of how important cyber security and data protection are in today’s digital world. On Dec 1st, the MacKeeper Security Research Center discovered Joan Jett’s BlackHeart Records leaking hundreds of gigabytes of data online. BlackHeart Records is an independent label founded by Joan Jett and Kenny Laguna, and it has a good reputation as an established label with a range of well-known artists.

The data breach is a massive treasure trove for fans and cyber criminals alike. There are unreleased tracks, never-before-seen pictures, even rejection letters from 1980, when Joan Jett was trying to get a record deal. There are also social security numbers of label employees and band members, internal memos, scanned checks of royalty payments, and much more.

From the entertaining emails of obsessed fans to lawsuits and arrest records of the label manager, this database is a look inside how the record label is operated and the communication between rock and roll royalty.

Although there are no naked pictures or Hollywood-style tabloid drama in the hundreds of gigabytes and countless thousands of files, there is a complete view of the many aspects of being a famous rockstar, operating a record label, and the meticulous documentation of every achievement, failure, and internal or external communication.

With the social security numbers, banking information, scans of passports, and IDs, it is easy to see that cyber criminals could have exploited this data for identity theft, fraud, or extortion. The data is now secured, and it is not known how long that IP address was publicly available.

One of the files that caught our attention was a folder named “Lawsuits”.

Buddy Miles was the legendary drummer and a member of Jimi Hendrix's Band of Gypsys (1969–1970). In 2003, Miles sued Jimi Hendrix’s estate for invasion of privacy, breach of contract, unfair trade practice, and false advertising. The defendants also included Universal, EMI, Warner Bros., and MCA. Miles claimed he was a co-writer on many well-known Hendrix hit songs, but the family denied this and claimed that Mr. Miles was a hired musician and was not entitled to any additional royalties or compensation. Buddy Miles died in 2008, and it is unclear what ever became of the lawsuit because the judge issued a gag order and there is no public record of this case. The MacKeeper Security Research Team has seen the motions and court documents and assumes these are true and correct accounts of legal action.

The data was completely exposed to the public internet with no username, password, or other authentication method in place. Anyone in the entire world with an internet connection could download the data. Generally, when dealing with software, the word "vulnerable" is used to describe a system that can be, or is, exploited in some fashion. In this situation, no exploit or deception was utilized in any way.

You can also read more on the story here: http://motherboard.vice.com/read/rock-star-joan-jett-blackheart-records-label-left-sensitive-data-online

For more information or media requests please contact security@kromtech.com