Last updated 2 weeks ago
The music trivia platform SongTrivia2 experienced a data breach in April 2026, with 291,739 unique user accounts compromised. The breach was disclosed when the data appeared on a public hacking forum, exposing email addresses sourced from both Google OAuth logins and direct site registrations.
The breach exposed email addresses, names, usernames, and avatars. For accounts created directly on the SongTrivia2 platform, bcrypt-hashed passwords were also compromised. The data originated from either Google OAuth authentication flows or native account creation systems within the platform.
No post-incident developments regarding regulatory actions, litigation, ransom payments, or remediation milestones were reported in the available information.
Data breach subsequently published to a public hacking forum
The SongTrivia2 breach demonstrates the risk of storing authentication data from multiple sources in a single repository, creating a concentrated target for attackers. The exposure of bcrypt-hashed passwords for directly registered accounts highlights the need for robust password storage practices even when using modern hashing algorithms. The platform's data architecture failed to adequately protect user information regardless of authentication method.