British music streaming service Mixcloud disclosed that hackers gained access in early November 2019 to some of their systems. The hacker was able to access users data, including usernames, email addresses, SHA-2 hashed passwords, account sign-up dates, country from which the user signed up, last login date, IP addresses, and links to profile photos. The actual passwords were stolen, and the SHA-2 encrypted passwords are considered nearly impossible to unscramble.
Although Mixcloud hasn’t revealed the true scale of the attack, the alleged hacker told various news sources that the trove contained details of at least 20 million customers, and offered it for sale on the dark web for 0.5 Bitcoin (about $4,000).
Read more about it here.