The personal data of tens of millions of Mixcloud users have been put on sale on the dark web.
In a statement, the British streaming service, Mixcloud announced that it has received reports about hackers gaining unauthorised access to some of its systems.
“Our understanding at this time is that the incident involves email addresses, IP addresses and securely encrypted passwords for a minority of Mixcloud users. The majority of Mixcloud users signed up via Facebook authentication, in which cases we do not store passwords.”
It should be noted that the company does not store mailing addresses or full credit card details.
For those that signed up with passwords rather than Facebook authentication, their passwords were scrambled with the SHA-2 algorithm, making it near impossible to crack.
It remains unknown as to how much data was stolen, however an alleged hacker told multiple news sources that there were at least 20 million records. In addition, the data is allegedly being sold on the dark web for 0.5 Bitcoin ($3,650).
“Whilst we have no reason to believe that any passwords have been compromised, you may want to change yours, especially if you have been using the same one across multiple services.
“We are actively investigating the incident. We apologize to those affected and are sorry that this has happened. We understand this is frustrating and upsetting to hear, and we take the trust you put in us very seriously,” Mixcloud concluded.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.