How To: Have Your Friends Ever Used Pandora on Your Computer? Well, You Can Steal Their Passwords

Have Your Friends Ever Used Pandora on Your Computer? Well, You Can Steal Their Passwords

If you've ever logged on to the popular music application Pandora, your password is saved onto that computer in the local storage...for good.

So for everyone reading this article, you should change your password to a throwaway one that's only used for Pandora, because if you ever log on to a public, work or friend's computer and play some tunes through Pandora, you've just given the owner of that computer your password—and you might use it for other online accounts (a really, really bad thing to do).

Now, imagine your friends don't know about this and log in to Pandora on your own computer? Well, you can get their password, email, and login name now. This hack can be done on other browsers, but this article is specifically for Google Chrome.

How to Find Their Pandora Passwords

First, start out by being on Pandora's website. Then, follow the directions below for your specific browser.

Google Chrome

  • Developer Tools --> Resources --> Local Storage --> pandora.com

Safari

  • Developer --> Show Web Inspector --> Resources --> Local Storage --> pandora.com

Firefox

  • Download Firebug --> Open Firebug --> Console --> insert the following code (not in italics):

for (var i = 0; i < localStorage.length; i++){
console.log(localStorage.key(i),localStorage.getItem(localStorage.key(i)));
}

And then you just have to click Run.

For each web browser, the data you find should all look the same. Paste the data into the text box on Zorinaq's Pandorhack and click on the Decrypt button.

The user name and password should appear like this:

Username":""________"", "Password":""_________""

Voilà! You now have the username, email and password of everyone that has logged into Pandora on that computer. Most people use the same email and password, so feel free to try and get into all of their social media accounts and wreak havoc.

In fact, to play it safe, you yourself should probably have a throwaway password for every website and make things easier on yourself. Using something like LastPass allows you to only really remember one password which gives you access to every other password. Though it won't protect your Pandora password from getting hijacked on someone else's machine, it will make it easier to create random passwords for multiple sites.

NOTE: It seems that Pandora has removed the password from local storage, but the passwords can still be stolen if users do not explicitly log off.

Be the First to Comment

Share Your Thoughts

  • Hot
  • Latest