Posted on November 30, 2019 at 3:49 PM
Mixcloud, a renowned streaming site, has been breached, with hackers taking hold of more than 20 million accounts from the site.
According to TechCrunch reporter Zach Whittaker, hackers took hold of the accounts earlier this month. The suspected hacker gave Zach a copy of the stolen files to prove that he was the one who breached the site’s platform. Handing over sample data is how hackers usually prove they are responsible for a breach.
Zach verified the hacker’s claim by checking some of the email addresses from those accounts against the site’s sign-up feature.
Although the exact number of hacked accounts is not known, there are likely more than 20 million, as the hacker listed about 21 million accounts for sale on the dark web.
The hacker still had plans to carry out another attack, as was obvious from his communication with Zach. It is not the first time the hacker has contacted Zach concerning his hacking activities.
In August this year, he reached out to Zach, telling him about his plans to carry out another attack. On that occasion, the hacker targeted StockX, a billion-dollar platform where users can buy or sell clothing or shoes.
20 million accounts offered for sale
The breached accounts have already gone on sale on the dark web. According to Zach, the hacker wants only half a Bitcoin in exchange for the hacked data.
Although there is no payment card data in the hacked files, they still contain valuable data, including encrypted passwords, IP addresses, profile photo links, usernames, and email addresses, which the hacker can use to his advantage.
But Mixcloud’s password protection would be very difficult to break, which is the only positive thing about the whole incident. The site protects passwords with SHA-2, strictly a hashing algorithm rather than encryption, which is very difficult to reverse.
It means that accounts with difficult passwords will be almost impossible to decipher. But the number of hacked accounts is quite worrisome. With more than 20 million accounts in the hacker’s hands, the chance that some of them can be cracked is high, no matter the strength of the encryption. So it is almost certain the hacker would succeed in cracking some accounts if they try.
Not everybody is careful enough to choose a strong password. Among users who don’t, some simply can’t be bothered, while others are afraid of forgetting their password. The second group prefers passwords that are easier to remember, which leaves their accounts vulnerable.
Mixcloud yet to respond
At the time of writing, Mixcloud has not issued any statement regarding the hack, although an investigation into the matter will follow.
Under GDPR rules, Mixcloud is likely to face a £20 million fine if it does not carry out the required investigation to sort out the problem. Just last year, WndrCo injected about $11.5 million into Mixcloud to help the company facilitate its business processes.
Lisa Rooland, Mixcloud’s spokesperson, did not answer questions from reporters when she was contacted. She did not indicate whether the company intends to report the incident under EU and U.S. data breach notification laws.
In a similar incident involving Marriott, the hotel giant was fined about £90 million when its site was hacked last year, although that breach was larger than Mixcloud’s. This breach appears to be a setback for a company that has been rising steadily in popularity since the cash injection.