The online music streaming service Mixcloud was recently attacked by hackers and user data was sold on the dark web. Recently, a hacker nicknamed “A_W_S” contacted multiple media to expose the incident and provided data samples as evidence of a data breach.
The attack occurred in early November, and data on more than 20 million user accounts were exposed. This data includes username, email address, SHA-2 hashed password, account registration date, and country, last login date, IP address, and link to profile photo. The hacker sold the data for 0.27 Bitcoin (about $ 2,000).
An article published by Techcrunch states: “We verified a portion of the data by validating emails against the site’s sign-up feature, though Mixcloud does not require users to verify their email addresses. The exact amount of data stolen isn’t known. The seller said there were 20 million records, but listed 21 million records on the dark web. But the data we sampled suggested there may have been as many as 22 million records based off unique values in the data set we were given.”
Last Saturday, Mixcloud released a security announcement that disclosed the incident. The company also emphasized that the system does not store data such as complete credit card numbers or mailing addresses. Mixcloud is actively investigating this incident and recommends that users reset their passwords.