UK-based audio streaming company, Mixcloud, suffered a data breach earlier this month that exposed 20 million user accounts.
Even worse, according to various news outlets, that information was put on sale on the dark web.
The seller who goes by the handle “A_W_S” reached out to TechCrunch, allowing the company to examine and verify the data, which includes:
- Email addresses
- Passwords scrambled with SHA-2 algorithm
It’s also worth noting that the exact amount of data stolen is unknown. TechCrunch says, “the seller said there were 20 million records, but listed 21 million records on the dark web.” And, the data TechCrunch sampled and verified “suggested there may have been as many as 22 million records.”
Currently, the seller is asking for 0.4 bitcoin, approximately $4,000, for the data.
In response, Mixcloud released a statement saying:
“We received credible reports this evening that hackers sought and gained unauthorized access to some of our systems. Our understanding at this time is that the incident involves email addresses, IP addresses and securely encrypted passwords for a minority of Mixcloud users. The majority of Mixcloud users signed up via Facebook authentication, in which cases we do not store passwords….Whilst we have no reason to believe that any passwords have been compromised, you may want to change yours, especially if you have been using the same one across multiple services.”