Mixcloud Investigating Alleged Data Breach Impacting 21 Million Users
An information reseller is promoting an alleged 21 million person accounts stolen from song streaming website Mixcloud at the darkish internet.
The supplier, who is going through the maintain “A_W_S,” is these days inquiring for round zero.five bitcoins, or roughly $four,000, for the information.
Motherboard knowledgeable Mixcloud of the obvious breach. Company CTO and co-founder Mat Clayton stated this used to be the primary they’d heard of the incident, and began investigating the problem.
“We received credible reports this evening that hackers sought and gained unauthorized access to some of our systems,” Mixcloud’s co-founders advised Motherboard in a remark. “The majority of Mixcloud users signed up via Facebook authentication, where by default no password is stored. Mixcloud does not store data such as full credit card numbers or mailing addresses,” the remark added.
Mixcloud shall we customers add their very own DJ mixes and tracks for others to hear. In July the corporate introduced a “Premium” subscription carrier and restricted options free of charge customers. In 2017, the corporate stated it had over 17 million customers.
A_W_S equipped Motherboard with a pattern of one,000 Mixcloud accounts. The knowledge contains usernames, e mail addresses, and hashed passwords. Hashing is some way of scrambling passwords so they may be able to be saved extra securely; Mixcloud is the usage of a powerful manner for producing those hashes, in step with the information. A_W_S stated the information used to be received in overdue 2019.
To test the information, Motherboard took a random collection of the e-mail addresses and attempted to create accounts on Mixcloud with them. In all the instances this used to be now not imaginable because the addresses have been already connected to Mixcloud accounts, corroborating the information’s legitimacy.
“We have no reason to believe that any passwords have been compromised. However you may want to change yours especially if you have been using the same one across multiple services,” Mixcloud steered in its remark.
“We are actively investigating this incident. We apologize to those affected and are sorry that this has happened,” it added.
Update: This piece has been up to date to explain Mixcloud’s hashing manner and upload remark from Mixcloud.
Subscribe to our cybersecurity podcast, CYBER.