In 2019, every digital service with a significant profile is a target for hackers. The latest music service dealing with the after-effects of a security breach is Mixcloud. According to both Motherboard and TechCrunch, a data reseller is asking for around $4k (paid in bitcoin) for details of 21m user accounts from the audio-streaming service.
Mixcloud has issued a statement. “We received credible reports this evening that hackers sought and gained unauthorised access to some of our systems. Our understanding at this time is that the incident involves email addresses, IP addresses and securely encrypted passwords for a minority of Mixcloud users. The majority of Mixcloud users signed up via Facebook authentication, in which cases we do not store passwords,” said the company.
The message to listeners is one of reassurance, but Mixcloud is clearly taking the breach seriously too. “Mixcloud does not store data such as full credit card numbers or mailing addresses. The passwords that Mixcloud does store are encrypted with salted cryptographic hashes to ensure that they are extremely difficult to unscramble. This means that they are unlikely to be decrypted by hackers,” explained the company.
“Whilst we have no reason to believe that any passwords have been compromised, you may want to change yours, especially if you have been using the same one across multiple services. We are actively investigating the incident. We apologise to those affected and are sorry that this has happened. We understand this is frustrating and upsetting to hear, and we take the trust you put in us very seriously.”
While Mixcloud continues its investigations into how the breach occurred, this is all a reminder to every music-streaming services that their security is constantly being probed by would-be cyber-criminals. Keeping their defences up to date – and making sure (as Mixcloud appears to have done) that user data is stored in such a way as to make any breach as harmless as possible – are part and parcel of the modern DSP’s business.