The online music streaming service Mixcloud was breached by a hacker earlier this month, and is now selling the user data online, on a dark web marketplace.
The details about the hack came to light when the hacker contacted several journalists to share news of the breach and to provide data samples.
According to stolen data sample, the hacker is selling Mixcloud user information which includes details such as usernames, email addresses, hashed password strings, users’ country of origin, registration dates, last login dates, and IP addresses.
The breach is believed to have occurred on or before November 13, which is the registration date for the last user profile included in the data dump.
Mixcloud confirmed the breach in their blog post and the company said that most users had signed up through Facebook, and did not have a password associated with their account.
Mixcloud stated that those user accounts with passwords are safe, as each password was salted and passed through a strong hashing function (SHA256 algorithm, according to the sample), making it currently impossible to reverse back to its cleartext form.
Even then the company recommends that the users must change their password just to be on the safer side.
This indicates that the data put up for sale on the dark web is just a long list of email addresses and uncrackable passwords. The Mixcloud data is currently sold for a price of $2,000.
The hacker responsible for the Mixcloud breach is known by the name of A_W_S, and has been involved in other hacks together with another hacker known as Gnosticplayers.
The hackers earlier admitted in August for hacking Canva (137 million users), Chegg (40 million), StockX (6.8 million), Poshmark (36 million), PromoFarma (26 million), RoadTrippers (25 million), StorEnvy (23 million), and Wirecard Brazil (48 million).
Canva, Chegg, and StockX publicly acknowledged the breaches while the other five companies did not give any confirmation.