Music streaming service Mixcloud has disclosed a security incident in which unauthorized users gained access to some of its systems, resulting in the sale of customer data on the Dark Web.
Mixcloud published a notice regarding the incident late last week, confirming it received reports that intruders breached its systems. At the time, it reported the attack involved email addresses, IP addresses, and encrypted passwords for a minority of Mixcloud users. Most people sign up for the service via Facebook authentication; their passwords are not stored.
The passwords Mixcloud stores are salted and hashed, it says, and are unlikely to be decrypted. Mixcloud does not store full payment card numbers or mailing addresses, the company reports.
While Mixcloud did not disclose the breach's scale, the alleged attacker who provided a portion of the data to TechCrunch said there were 20 million records stolen. However, 21 million records were listed for sale, and the data sample indicated there may have been up to 22 million records stolen. Data listed includes usernames, email addresses, and salted passwords.
Read more details here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "A Cause You Care About Needs Your Cybersecurity Help."