An attacker has hacked Mixcloud (the online music streaming service) previously this month, and is now trading the website’s consumer data online, on a dark web market. The hack was found last week, when the attacker contacted various journalists to share headlines of the hack and to offer data samples.
As per a sample of the pinched data, the attacker is selling user information of Mixcloud that comprises details such as email addresses, usernames, users’ country of origin, hashed password strings, last login dates, registration dates, and IP addresses. The breach seems to have occurred earlier to November 13, 2019, which is the enrollment date for the previous user profile comprised in the data dump.
Media alerted various consumers whose info was comprised in the sample, and a number of have verified they had lately enrolled a Mixcloud account. Tech news websites also confirmed the authenticity of data via other methods, too. Mixcloud verified the hack last week in a blog post. The firm claimed that most consumers had enrolled via Facebook, and did not have a password related with their account.
For those that did, Mixcloud claimed that passwords must be secure, as each one was salted and passed via a solid hashing feature, making it presently unfeasible to reverse again to its cleartext format. Either way, the firm suggested that consumers reset passwords, just to be secure.
This indicates that the info touted on the dark web currently is just a lengthy list of uncrackable passwords and email addresses. The Mixcloud data is presently sold for a cost of $2,000. The attacker responsible for the Mixcloud hack goes by the A_W_S name, and has been comprised in other hacks collectively with another attacker dubbed as Gnosticplayers.