Millions of mixtape fans could be at risk of being hacked
Database of DatPiff user credentials has been leaked online
The account credentials and emails of almost 7.5m users of the mixtape hosting service DatPiff have been made available to download for free on a popular hacking forum.
First launched in 2005, DatPiff has over 15m users, though the service also allows unregistered users to download or upload samples for free.
While it's still unclear exactly when DatPiff suffered a data breach, the site's database was first sold privately and then publicly on hacking forums beginning in July of 2020, according to a new report from BleepingComputer.
In total, the stolen DatPiff database contains 7,476,940 member records including the email addresses, passwords, usernames and security questions of its users.
Cracked passwords
Beginning in November, another cybercriminal began selling the DatPiff database on the same hacking forum. This time, though, the records it contained were dehashed to include both users' plain-text passwords and email addresses. However, someone else took things a step further by releasing the database for free, allowing anyone to download and use the information it contains for a variety of malicious activities.
The passwords in the database could be cracked because DatPiff hashed them using the older and now obsolete MD5 algorithm, which was first developed in 1992. MD5 passwords can be dehashed by comparing hashes to known MD5 wordlists or by using cracking tools in an attempt to brute force the passwords.
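Why unsalted MD5 falls to wordlist comparison, and what a site in this position can do about it, shown as an added example that is not from the article or from DatPiff. The wordlist, the record layout, the function names and the PBKDF2 iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; none of these values come from the leak.
WORDLIST = ["123456", "password", "mixtape2005"]
PBKDF2_ITERATIONS = 600_000  # assumption: tune to your own hardware budget


def md5_hex(password):
    """Legacy scheme from the article: a single unsalted MD5 digest."""
    return hashlib.md5(password.encode()).hexdigest()


def wordlist_audit(stored):
    """Defensive audit: which stored MD5 hashes match a known wordlist entry?

    With no salt, one precomputed table covers every account at once.
    """
    table = {md5_hex(word): word for word in WORDLIST}
    return {user: table[h] for user, h in stored.items() if h in table}


def kdf_hash(password, salt=b""):
    """Salted, deliberately slow replacement (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    return salt, digest


def login_and_upgrade(record, password):
    """Check a login; on success, replace a legacy MD5 record in place."""
    if record["scheme"] == "md5":
        if not hmac.compare_digest(md5_hex(password), record["hash"]):
            return False
        # The plain-text password is only available now, so rehash here.
        record["salt"], record["hash"] = kdf_hash(password)
        record["scheme"] = "pbkdf2"
        return True
    _, candidate = kdf_hash(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])
```

Accounts that never log in again keep their MD5 hash under this scheme, so a forced password reset is still needed for them.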
In December of last year, BleepingComputer was informed that an attacker was able to breach DatPiff's website by using a vulnerability scanner that allowed them to access a server with an old database backup.
Although DatPiff has yet to release a statement or notify its users by email regarding the incident at the time of writing, anyone with an account on the site should change their password immediately and consider using a password generator to create strong passwords as well as a password manager to store them securely.
Via BleepingComputer
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.