A data breach of UK-based Mixcloud has yielded personal details from more than 20 million accounts, including user names and email addresses, according to a story in Motherboard. The trove also includes hashed passcodes, which means they are changed into a string that makes them difficult to crack.
Mixcloud is a streaming music service based in London, which serves up music, podcasts and more. The hack of its data, while extensive and including millions of pieces of data, is for sale for just .5 bitcoin, which is currently valued at about $3,700. That price may be lower because the passcodes are readily available. Still, email addresses, when known, put people at risk of phishing hacks, when notes are electronically crafted in a way to imply the sender knows the receiver, encouraging someone to open the email.
The music streaming service Mixcloud has been breached, with data from more than 20 million accounts now up for sale
When email addresses are coupled with other personal details, as the Mixcloud breach includes such as IP address, that makes phishing even easier. An IP address, for example, reveals a geographic piece of information about whether a router, connected to the internet, is located that got your device online.
This kind of threat is actually decreasing, according to a 2019 report from security services firm Symantec, which noted that rates of phishing dropped from 1 in 2,995 emails in 2017 to 1 in 3,207 emails in 2018. That drop has been consistent for the past four years.
While the average consumer has very little control over whether a company they buy from is a victim of a data breach, they can take steps to mitigate the impact if a site they use has been hacked.
To start, don't open attachments or emails from people they don't know — and be thoughtful before opening attachments even from people they do, looking for language that looks off, maybe not typical language used by the sender.
Reusing passwords across different sites is considered dangerous, with experts suggesting people create unique passcodes for each site they frequent.
Chrome users can also take advantage of its Password Checkup, which will alert people if passwords they're using online were recently found as part of a data breach. The badge even turns colors to give users a visual reference if there is an issue.
In short, however, re-using the same passcode is never a good idea across web sites and accounts. Even Mixcloud told Motherboard it though people might want to create a new password for the site, good advice for any customer of the streaming service. But the company has yet to post anything on the front page of its web site, notifying the issue at hand. That means many users may still not know about the data breach themselves.