A new data dump is on sale on the dark web right now, according to a report published by TechCrunch, that seems to come from a breach that has occurred on the audio streaming platform in Mixcloud. Mixcloud is a popular United Kingdom-based streaming service launched more than ten years ago that offers a range of radio shows, DJ mixes, podcasts and songs. As seems, earlier in the month, the platform encountered a breach of data but it was not disclosed to the public.
Mixcloud may not have acknowledged the breach or decided to keep it secret until its internal investigation was completed. Nevertheless, the data dump is currently on sale and we do not find it to be good if there is nothing in the audio streaming platform to warn users. The information for sale includes user names, email addresses, IP addresses, links to profile images, countries and passwords protected by SHA-2. This last detail gives the exposed users some comfort as the SHA-2 has a cryptographically secure haze feature.
TechCrunch has tested and verified the authenticity of some of the data being sold. The price tag is 0.5 Bitcoin, or about $4000 for this dump. That is a small amount per account, because without passwords, the data is not very valuable. The exposed users, however, could still suffer from phishing attacks or other tentatives. Having said that, we unblock websites recommend that you reset your password on the platform now, but note that that will not remove the risk of this incident.
The United Kingdom remains part of Europe as far as Mixcloud is concerned, and therefore the GDPR regulations apply to the company. This said, they will most likely be punished for this data breaking by up to 4% of their annual turnover. In the meantime, an official announcement would be easier if it were more detailed to explain what happened and also to give data breach notices to the users concerned. I can say that nothing has yet been circulated as a Mixcloud client myself.
While hoping MixCloud can soon take measures to stop this kind of data breach from happening again, in my opinion, it is also better to count on ourselves for protecting our data. You can download a VPN and use VPN services to encrypt your data and protect your privacy.