A UK based audio streaming platform, Mixcloud had recently been unfortunate which had led to the exposure of about 20 million users account that were put on sale on the dark web after a serious data breach.
The incident happened earlier in November. This was confirmed because the seller offered a portion of these data to TechCrunch which allowed the news company to examine and then verify the authenticity of these data.
It of course contained sensitive information such as the Account’s username, Email address and Password that seems to be scrambled with the SHA-2 algorithm that makes the password nearly impossible to unscramble. Other information contained within the breached data also includes account sign-up dates and the last-login date. It also includes the country from which the user signed up from as well as their IP address and links to their profile photos.
TechCrunch confirmed it did a verification test on a portion of the data by validating emails against the site’s sign-up feature, though Mixcloud does not require users to verify their email addresses. While the amount of data that was stolen isn’t officially pronounced, it’s suggested that the number could total 20 Million even though the seller listed about 21 million records on the Dark Web market.
- Advertisement -
The sales price of the data is about $4000 USD (NG ₦ 1,450,000 or SAR 58,616.56 ) or 0.5 Bitcoin. TechCrunch failed to link to the dark web sales of the data.
Meanwhile MixCloud secured about $11.5 Million investment in cash last year from a media investment company called WndrCo that was led by Hollywood media proprietor called Jeffrey Katzenberg. This is yet another big Data breach recently and this could affect the company’s system of operation even though we’re not sure about that.
The Dark Web seller seems to be a prolific one as it’s the same seller that ones alerted TechCrunch about the sales of StockX breach earlier this year. StockX initially announced that it’s system wide password reset was due to system updates but soon admitted that it’s been hacked and million of users records were exposed.
TechCrunch sent a reachout to the MixCloud company while it’s spokesperson, Lisa Roolant didn’t make any comment beyond a corporate statement. She in fact failed to answer any question she was asked — including if the company planned to inform regulators under U.S. state and EU data breach notification laws.
Co-founder Nico Perez also declined to comment further.
As a London-based company, Mixcloud falls under U.K. and European data protection rules. Companies can be fined up to 4% of their annual turnover for violations of European GDPR rules.
Corrected the fourth paragraph to clarify that emails were validated against the site’s sign-up feature, and not the password reset feature. Updated to include comment from the company.