Hackers and attackers are continuously learning new ways on how to break through secure channels and platforms. A new report surfaced earlier, claiming that the popular audio streaming site Mixcloud has been allegedly compromised. The breach reportedly left account details of its 22 million users exposed and now for sale on the Dark Web.

The breach reportedly happened earlier in Nov. 2019, as reported by Zach Whittaker of Tech Crunch. The tech journalist has been allegedly provided by the individual claiming responsibility for the security breach with a sample of the data. This is what hackers usually do to prove the integrity of their claims and to add to their bragging rights.

The same hacker reportedly reached to the journalist in Aug.2019 and shared details of another breach. The incident involved the six billion dollars online marketplace StockX. The company’s online platform allows users to sell and purchase clothing and shoes.

The hacker is reportedly asking for .5 bitcoin (around $3900) in exchange for the hacked Mixcloud user account information. The recent Mixcloud breach does not involve any payment card information. However, it is still serious, considering that IP addresses, email addresses, encrypted passwords, links to profile photos, and usernames are exposed.

Despite the recent breach, Mixcloud users can thank the company for its secure encryption. Mixcloud hashed the passwords of its users with SHA-2, a robust and cryptographic standard, reveals the report. Because of this, users who have assigned well-crafted passwords would be almost impossible to crack.

But, in a database with more than 20 million user accounts and records, it is highly likely that many of the passwords are extremely difficult to guess. The problem, though, is that some users keep on using the same old passwords that were several times considered worst, bad, or weak. When a database like that of Mixcloud gets exposed, weak passwords return and haunt the users who chose them, says Forbes.

With the exposure of users' account information, as revealed in the recent report, Mixcloud has not yet provided an official statement in relation to the breach. It is highly likely that an investigation will take place. Forbes says that the London-based company could be held liable and fined to as much as £20 million or 4 percent of its annual turnover as stipulated in the guidelines of the GDPR.95