The music streaming service received reports indicating attackers gained unauthorized access to its systems.
Music streaming service Mixcloud has disclosed a security incident in which unauthorized users gained access to some of its systems, resulting in the sale of customer data on the Dark Web.
Mixcloud published a notice regarding the incident late last week, confirming it received reports that intruders breached its systems. At the time, it reported the attack involved email addresses, IP addresses, and encrypted passwords for a minority of Mixcloud users. Most people sign up for the service via Facebook authentication; their passwords are not stored.
The passwords Mixcloud stores are salted and hashed, it says, and are unlikely to be decrypted. Mixcloud does not store full payment card numbers or mailing addresses, the company reports.
While Mixcloud did not disclose the breach's scale, the alleged attacker who provided a portion of the data to TechCrunch said there were 20 million records stolen. However, 21 million records were listed for sale, and the data sample indicated there may have been up to 22 million records stolen. Data listed includes usernames, email addresses, and salted passwords.
Read more details here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "A Cause You Care About Needs Your Cybersecurity Help."
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024