Mixcloud Exposes 21M User Data, Found for Sale on the Dark Web


U.K.-based audio streaming platform Mixcloud became embroiled in a data breach that affected approximately 21 million individuals. The personal information of users was reportedly put up for sale on the dark web for around $2,000 to $4,000 each.

Apart from being recognized as a streaming platform, Mixcloud is also an avenue for users to upload their DJ mixes. Users of the program may also upload trackers for other users to discover and listen to.


According to TechCrunch, the breach occurred sometime in early November. TechCrunch’s report was based on information supplied by a seller who reportedly mined customer data. As proof, the dark web seller approached a TechCrunch representative and offered data for verification.

Although the breach occurred earlier in November, the incident only came to the company’s attention last Friday, November 29, 2019. In addition to approaching TechCrunch, the hacker provided data samples to other tech and news sites, ZDNet reports.

Mixcloud User Data Exposed


The audio streaming company only became aware of the incident after Motherboard reached out, says Vice.

Compromised information included usernames, email addresses, and hashed passwords. TechCrunch states that the passwords are protected with the SHA-2 algorithm, which is meant to keep them safe and secure.

Other information mined by hackers includes the users’ sign-up dates and last log-in dates. Hackers also obtained the users’ country of sign-up and IP addresses. Links to profile pictures were also compromised, TechCrunch reports.

For these details, the hacker, going by the name A_W_S, is currently asking interested buyers for 0.5 bitcoins. This amounts to anywhere from $2,000 to $4,000, notes Vice.

Based on the findings of Mixcloud, a majority of users registered for the platform via Facebook. This means the data of users who signed up via Facebook remains safe.

Mixcloud issued a security notice on its blog in a statement dated November 30, 2019. The company acknowledged the incident and its possible implications. While the U.K.-based company maintains that user accounts and passwords are protected, the firm has launched a full-scale investigation.

To clarify, the audio streaming platform also disclosed that it “does not store data such as full credit card numbers or mailing addresses.”

Following the massive breach, Mixcloud urges its customers to change their passwords, “especially if you have been using the same one across multiple services.” Concerned individuals may also contact the company at support@mixcloud.com.