On Friday, the hacker that goes online with the handle “A_W_S” contacted multiple media outlets to disclose the hack, it also provided data samples as proof of the data breach.
The hack took place in early November and exposed data for more than 20 million user accounts. The hacker access to users’ data, including
“We verified a portion of the data by validating emails against the site’s sign-up feature, though Mixcloud does not require users to verify their email addresses.” reads a post published by Techcrunch. “The exact amount of data stolen isn’t known. The seller said there were 20 million records, but listed 21 million records on the dark web. But the data we sampled suggested there may have been as many as 22 million records based off unique values in the data set we were given.”
The hacker was offering for sale the data dump for 0.27 bitcoin (around $2,000).
ZDNet reached several users whose data was included in the sample the hacker shared with them and several of them and several confirmed they had recently registered a Mixcloud account.
TechCrunch pointed out that the dark web seller is the same hacker that alerted TechCrunch to the
On Saturday, Mixcloud disclosed the incident breach, the security notice published by the company confirms the hack, but highlights that accessed systems do not store data such as full credit card numbers or mailing addresses.
“We received credible reports this evening that hackers sought and gained unauthorized access to some of our systems.” reads the security notice published by the company.
“Our understanding at this time is that the incident involves email addresses, IP addresses and
(SecurityAffairs – Mixcloud, data breach)