Mixcloud Breach Affects 21 Million Accounts (Dec 2, 2019)
The streaming service MixCloud has suffered a data breach after a threat actor called “A_W_S”, distributed personal data of MixCloud users to various media companies including outlets Vice and ZDNet. The data leaked includes email and IP addresses, hashed passwords, registration dates, and last login dates and users’ country of origin. The data has since been placed for sale on Dark Web marketplaces for sale in range from $2,000-$3,700. This is not the first time A_W_S has published personal data for sale on underground marketplaces. They released the data of Canva, a graphic design tool website, Chegg which is an education platform and StockX, an online clothing marketplace.
Recommendation: Leaks of this sort may cause affected individuals to be at a greater risk of phishing attacks. Actors can use this information to craft custom emails to increase their chances of malicious activity being approved by the recipient. Individuals who have accounts associated to this incident should change their passwords as soon as possible, particularly if passwords for said accounts are the same to other online accounts. Individuals should also regularly monitor their credit reports for suspicious activity or consider an identity theft protection service.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.