TrueFire hacked, credit cards and personal info may have been compromised

A hacker allegedly gained unauthorised access to credit card information as it was entered on the website.

Tuition website TrueFire has informed users that an “unauthorised person” had access to the company’s computer system, and specifically to unencrypted information that was entered into its website, for a period of over five months.

Guitar.com was today contacted by one of the affected users, who shared with us the full text of the letter they had been sent from TrueFire LLC, titled  ‘Notice Of Data Breach’, explaining and apologising for what had occurred.

The user told us that TrueFire, which boasts over 1 million users worldwide, explained that even though it does not store personal information itself, the ‘unauthorised user’ had potentially been able to harvest sensitive customer information as it was being entered into the site.

In the letter, TrueFire wrote: “On January 10, 2020, TrueFire discovered that an unauthorised person gained access to our computer system and, more specifically, to information that consumers had entered through the website. While we do not store credit card information on our website, it appears that the unauthorized person gained access to the website and could have accessed the data of consumers who made payment card purchases while that data was being entered, between August 3, 2019 and January 14, 2020.”

It continued: “We cannot state with certainty that your data was specifically accessed, however you should know that the information that was potentially subject to unauthorised access includes your name, address, payment card account number, card expiration date and security code.”

TrueFire went on to recommend that affected users review payment card statements for suspicious activity, as well as following standard preventative measures against identity theft. It also provided assurance that it was monitoring for any more unauthorised activity on the site, and was working with “computer forensic specialists to determine the full nature and scope of the intrusion”, as well as reporting the breach to law enforcement authorities.

Guitar.com reached out to TrueFire for a comment on this story, and the company released the following statement to us:

“The confidentiality, privacy, and security of information in TrueFire’s possession is one of its highest priorities. TrueFire has stringent security measures in place to protect this information, and we are providing notice to the segment of customers who were potentially affected by this incident.”

For more guitar news, click here.


The destination for all things guitar.

© 2023 Guitar.com is part of NME Networks.