Mixcloud, a British online crowd-sourced streaming service, disclosed that 21 million user accounts have been stolen from the site and are being sold on the dark web.
According to Vice, the seller, “A_W_S”, is asking for 0.5 in bitcoin, translating to $4,000 dollars for the data.
The breach took place earlier this month, though Mixcloud didn’t go public with the breach until November 31st. Mixcloud has released their own statement in a blog post, stating that the breach cost users their email addresses, recent login dates, and IP addresses. In addition, a minority of users have lost their securely encrypted passwords. However, these passwords have been encrypted with the SHA2 (Secure Hash Algorithm 2), and are therefore at a very low risk of being reverted back to a readable format.
Despite some passwords being stolen, Mixcloud believes that most passwords will be safe. This is due to the fact that most Mixcloud users signed up through the Facebook authentication, rather than creating a traditional log in and password. As a result, their passwords are not stored on Mixcloud.
However, they, and we, still urge users to change their passwords, especially if you use the same password for multiple services. Thankfully, Mixcloud does not store full credit card numbers or mailing addresses on the site.