The online music streaming service Mixcloud was recently breached by a hacker that is attempting to sell stolen user data in a dark web marketplace.
On Friday, the hacker that goes online with the handle “A_W_S” contacted multiple media outlets to disclose the hack, it also provided data samples as proof of the data breach.
The hack took place in early November and exposed data for more than 20 million user accounts. The hacker access to users’ data, including usernames, email addresses, SHA-2 hashed passwords, account sign-up dates, and country, the last login date, the internet (IP) address, and links to profile photos.
“We verified a portion of the data by validating emails against the site’s sign-up feature, though Mixcloud does not require users to verify their email addresses.” reads a post published by Techcrunch. “The exact amount of data stolen isn’t known. The seller said there were 20 million records, but listed 21 million records on the dark web. But the data we sampled suggested there may have been as many as 22 million records based off unique values in the data set we were given.”
The hacker was offering for sale the data dump for 0.27 bitcoin (around $2,000).
Image source: ZDNet
ZDNet reached several users whose data was included in the sample the hacker shared with them and several of them and several confirmed they had recently registered a Mixcloud account.
TechCrunch pointed out that the dark web seller is the same hacker that alerted TechCrunch to the StockX breach in August. At the time the hacker claimed to have stolen more than 6.8 million records from the company back in May.
On Saturday, Mixcloud disclosed the incident breach, the security notice published by the company confirms the hack, but highlights that accessed systems do not store data such as full credit card numbers or mailing addresses.
“We received credible reports this evening that hackers sought and gained unauthorized access to some of our systems.” reads the security notice published by the company.
“Our understanding at this time is that the incident involves email addresses, IP addresses and securely encrypted passwords for a minority of Mixcloud users. The majority of Mixcloud users signed up via Facebook authentication, in which cases we do not store passwords.”
Mixcloud confirmed that it is actively investigating the incident and recommended users reset passwords as a precautionary measure.
Editor-in-Chief, Cyber Defense Magazine