21M customer records stolen from music streaming service Mixcloud

How the hack took place remains unknown. As a U.K.-based company, Mixcloud is required to comply with the European Union’s General Data Protection Regulation, so an investigation will be forthcoming. Even if the U.K. leaves the EU either later this year or early next year, the regulation is still applicable because the company has customers in Europe and hence GDPR compliance is still required.

“In terms of the alleged breach of Mixcloud, it seems that an incident has indeed occurred but its scope and impact are pretty obscure,” Ilia Kolochenko, founder and chief executive officer of web security company ImmuniWeb, told SiliconANGLE. “I’d refrain from any determinative conclusions until Mixcloud conducts a holistic investigation including an in-depth review of their trusted third-parties for possible data breaches or leaks.”

Kolochenko said public marketplaces on the dark web become an abundant source of unverifiable data breaches.

“Using pretty simple Machine Learning models or traditional algorithms tailored to morph data in a specific manner, unscrupulous sellers often alter previously exposed data sets and advertise them as recent breaches,” he said. “Certain stolen records come from hacked third parties that process a large number of accounts and are actually advertised as a data breach affecting the main company, not its supplier. I would, however, not underplay the risks and promptly investigate every mention in the dark web to ascertain whether and when the data breach has actually occurred.” Read Full Article