The names and email addresses of Lady Gaga fans have been stolen after the singer's website was breached last month.
According to her record label Universal Music, the hackers took a content database dump from the UK website and a section of email, first name and last name records. However no passwords or financial information was taken.
The hackers were identified as ‘SwagSec', who have previously attacked Gaga and recently attacked the websites of singers Amy Winehouse, Justin Bieber and Lauren Pritchard.
Rob Rachwald, director of security strategy at Imperva, said: “When it comes to hacking, even in the entertainment world, data is king. Although Lady Gaga's statement says nothing financial may have been taken, it's a safe bet that Lady Gaga fans are getting email messages offering exclusive Lady Gaga videos, pictures and music. But instead, they're clicking on malware.”
Graham Cluley, senior technology consultant at Sophos, said: “The risk to users who had their details compromised, of course, is that they could have been the subject of targeted attacks. Imagine how many of them might have opened an attachment or clicked on a link if they received an email claiming to be about free tickets for a Lady Gaga concert, or a sneak preview of her new video.
“Although Universal says that it has contacted everyone who was affected, can they be confident that they know the extent of SwagSec's hack? After all, the hack is claimed to have occurred weeks ago, but was only made public by SwagSec at the end of last week.
“Wouldn't it be more open and transparent to have a message to fans of the Lady Gaga UK website, telling them all what occurred? I went looking and couldn't find anything to warn the wider array of Lady Gaga fans.”
John Stock, senior security consultant at vulnerability management vendor Outpost24, said: “Celebrities like Lady Gaga, who rely massively on communicating with their fan base, need to ensure that their websites are afforded the right level of protection. There have been enough high profile incidents for alarm bells to start ringing. Either protect your website now through robust web vulnerability management, or run the risk of putting your data, or indeed your fans, at risk.”