Pandora Scam?

Good morning (where I am).

I got an email to my Gmail saying that Pandora was hacked, and that my user account was listed under those who had been accessed. The email had a link where I could reset my password.

First, I didn’t realize that I had a password on my Pandora account, which I seldom use and is only on my phone. Second, I have a nasty and suspicious mind, and assume right off the bat that this is a scam, and someone wants to hack into my phone and do unpleasant things.

Has anyone else received this email? Is it real? What are the consequences, if it is real and I don’t reset my password? I did a quick Google but didn’t find anything conclusive, apart from the standard advice not to click on links in unsolicited emails.

Don’t need answer fast, but any information from the Dope would be welcomed.

Regards,
Shodan

Never click an unsolicited link to “reset your password.” It’s most likely a phishing scam. If you are worried, go to pandora.com and reset your password from there.

You DO have a password on your Pandora account though. Even free accounts are password protected.

I don’t know what good a stolen Pandora account does anyone, unless they’re just hoping to connect that email/password with other accounts. I don’t think they save credit card info in any accessible way (last four digits maybe). Still, enalzi is right and you should go there directly to change it.

I got the email as well. Seems to be legit.

Yeah, you don’t have to have a “nasty and suspicious mind” to think that sounds like phishing. Even if it is legit, emailing users a link to click on to reset their passwords is a dumb way to do it.

But I did find articles here and here, at what look like reputable sites (though I’m not specifically familiar with them), showing the email that may be the one you got, and explaining that Pandora itself wasn’t hacked, but some people’s Pandora usernames and passwords seem to have been released from another source. (So, if the email you got actually did say Pandora itself was hacked, that’s not the one these articles are talking about.)

Safe bet, whenever you receive an email like this, legit or not, go directly to the site and change the password. Either it actually WAS cracked, and your password needs to be changed, or it’s phishing, and going directly there bypasses their bad link and changing the password doesn’t hurt.

And as for how much a Pandora account is worth, on its own, not much. But I doubt that’s what they’re really after. A LOT of people will use the same or similar passwords for multiple accounts, so if they can attach an email to a password, there’s probably a significant number of email accounts they could crack just from trying the Pandora password at that email account. Even if it’s not the same as the email, they might try other important accounts with a known working username and password, like Facebook, bank accounts, or other similar things.

Yeah, personally, my Pandora account doesn’t have a particularly strong password, but I don’t particularly care if it’s attacked, since I just lose a couple stations I can recreate with minimal fuss. The important thing is that it’s different from all of my critical accounts, which are all complex passwords and different from each other.

Thanks for your responses. I don’t know what the password on my Pandora account is - Pandora came with my phone, and I don’t recall logging in, ever. (Maybe I just don’t remember.)

Regards,
Shodan

If you’ve never used the app or used Pandora on your PC, you never established an account. Which makes this some kind of phishing expedition.

If you’re unsure whether you even have an account, you can go to Pandora and try signing in and select “Forget my password”. They’ll prompt you for an email address to send a reset code to, and if your email address isn’t in their system, it’s very unlikely you have an account at all.

I haven’t used it on my PC, but I have on my phone. I have reset my Google password recently.

I haven’t ever done that thing where I give Google or Windows my phone number, because I don’t trust them not to abuse it. But if my Pandora password is the same as my Google password, it has been reset already.

Regards,
Shodan

I got the email as well, which surprised me, because I don’t HAVE a Pandora account, and never did. I was sure it was a phishing scheme. I reported it to Pandora, using the contact form on their website.

I just got an e-mail back from them. The original e-mail is apparently legit, and there was some sort of mixup responsible for my getting the e-mail.

How did Pandora have your (or my) email address without an account?

Regards,
Shodan

They probably had the list of emails/passwords that were hacked from other sites and Pandora was comparing to their own records. Although CalMeacham didn’t have an account with Pandora, they mistakenly thought he did and contacted him via the email from the “hacked list”.

Always ensure that the email links to the real website. For pandora.com, always ensure it goes to pandora.com.

pandora.XYZ, pandora-admin.com and other variations may well be a hack… a phishing attempt.

When you do click on it, ensure the URLs STAY at the original proper website…

Phishing attempts are usually against financial sites though… banks and PayPal… be more careful with your financial accounts!
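The link check described in the last post, written out as an added example that is not part of any post in this thread: it compares the host of each URL (and of every hop in a redirect chain) against pandora.com and rejects the lookalike forms. The function names, the HTTPS requirement, and the sample URLs (including the `reset.example` host) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "pandora.com"  # the real site named in the thread


def link_verdict(url, expected=EXPECTED_DOMAIN):
    """Return (ok, reason) for a link that claims to lead to `expected`."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":  # assumption: reset links must use HTTPS
        return False, "not https"
    # "https://pandora.com@other.host/" puts the trusted name in userinfo;
    # the browser actually connects to other.host.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before host"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if not host:
        return False, "no host"
    # Look-alike letters from other alphabets, raw or punycode-encoded.
    if not host.isascii():
        return False, "non-ASCII host"
    if host.startswith("xn--") or ".xn--" in host:
        return False, "punycode host"
    # Exact match or a true subdomain; the leading dot keeps
    # "notpandora.com" and "pandora.com.reset.example" from matching.
    if host == expected or host.endswith("." + expected):
        return True, "host is " + expected + " or a subdomain"
    return False, "host is not under " + expected


def chain_verdict(urls, expected=EXPECTED_DOMAIN):
    """Check that every hop of a redirect chain stays on `expected`.
    Returns (True, None) or (False, first_offending_url)."""
    for url in urls:
        if not link_verdict(url, expected)[0]:
            return False, url
    return True, None


if __name__ == "__main__":
    samples = [  # constructed sample links, not taken from any real email
        "https://www.pandora.com/account/settings",
        "https://pandora.XYZ/reset",
        "https://pandora-admin.com/reset",
        "https://pandora.com.reset.example/login",
        "https://pandora.com@reset.example/login",
    ]
    for s in samples:
        print(link_verdict(s), s)
```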