21 million users data exposed by hackers online and is now available for sale on the dark web.
The hack appears to have taken place on or before November 13, as per the registration date for the last user profile included in the data.
The hacker contacted several journalists on Friday to disclose the news of the breach and also provided data samples as proof of the data breach.
“We received credible reports this evening that hackers sought and gained unauthorised access to some of our systems,” reads the security note published by the company.
Mixcloud is a British online music streaming service that allows for the listening and distribution of radio shows, DJ mixes and podcasts, which are crowdsourced by its registered users. Mixcloud secured $11.5 million from WndrCo LLC, a holding company in Los Angeles and San Francisco led by Hollywood media proprietary Jeffrey Katzenberg.
What are the data exposed online?
The data contained usernames, email addresses and SHA-2 hashed passwords. The data also contained account sign-up dates, the last login date, the country from which the user signed up, their internet (IP) address and links to profile photos.
“Our understanding at this time is that the incident involves email addresses, IP addresses and securely encrypted passwords for a minority of Mixcloud users. The majority of Mixcloud users signed up via Facebook authentication, in which we do not store passwords,” said the company.
The exact information about the stolen data is not known. Even though the seller said there were 20 million records stolen but on the dark web it lists 21 million records. According to ZDNet, The stolen Mixcloud information is sold on the Dark Web for $ 2,000. As per other reports, it was found that data was listed for sale for $4,000 or about 0.5 bitcoin.
It is still unknown how the hackers managed to compromise the system and access the information.
The company recommends its users to reset passwords just to be on the safer side.
The hacker behind the Mixcloud breach
The hacker under the name A_W_S is behind the breach joining with another hacker Gnosticplayers.
A_W_S claimed responsibility to be involved in hacks of the following companies:
- Canva – 137million
- Chegg – 40million
- Poshmark – 36million
- PromoFarma – 26 million
- RoadTrippers – 25million
- StockX – 6.8million
- StorEnvy – 23million
- Wirecard (Brazil) – 48million
You may be interested in reading: ASP.NET Hit by Ransomware