Hacker Tied to Gnosticplayers Selling Information for 21 Million Mixcloud Users

A_W_S: A hacker who goes by the moniker A_W_S is selling the data of 21 million Mixcloud users online for $2,000. A_W_S claimed to have breached the online music service in early November and began contacting journalists on November 29th to share details of the hack. The samples sent to journalists by the hacker contained usernames, email addresses, hashed passwords, users’ nationality, registration data, last login, and IP address. Multiple users who were contacted about their information appearing in the breach sample confirmed that the details in the sample were correct. Mixcloud confirmed the breach over the weekend but stated that most users had signed up through a linked Facebook account and therefore did not have a password associated with their account. Those who did have passwords should feel safe, according to Mixcloud, which stated that all passwords on its servers are both salted and hashed to ensure their security. A_W_S has been tied to the threat group Gnosticplayers, which is believed to be responsible for a number of significant recent data breaches.

Analyst Notes

Mixcloud has encouraged users to change their passwords as an extra security measure. Even though the passwords were salted and hashed, anyone who obtains the data can still launch a dictionary attack against the password hashes to guess passwords. A dictionary attack is likely to be successful against any account that used a simple password, such as a name or word with some numbers at the start or end of the word. It is also important to note that users of Mixcloud are at increased risk of targeted phishing attacks, especially if they used their work email while registering. Any time there is a large data breach, the user data becomes a great resource for phishing, as it provides a trove of current email accounts with names or other contextual details useful for crafting convincing phishing messages. More details of this breach can be found at: