Millions of mixtape fans could be at risk of being hacked
Database of DatPiff user credentials has been leaked online
The account credentials and emails of almost 7.5m users of the mixtape hosting service DatPiff have been made available to download for free on a popular hacking forum.
First launched in 2005, DatPiff has over 15m users, though the service also allows unregistered users to download or upload samples for free.
While it’s still unclear as to exactly when DatPiff suffered a data breach, the site’s database was first sold privately and then publicly on hacking forums beginning in July of 2020, according to a new report from BleepingComputer.
In total, the stolen DatPiff database contains 7,476,940 member records including the email addresses, passwords, usernames and security questions of its users.
Cracked passwords
Beginning in November, another cybercriminal began selling the DatPiff database on the same hacking forum. This time though, the records it contained were dehashed to include both users' plain-text passwords and email addresses. However, someone else took things a step further by releasing the database for free, allowing anyone to download and use the information it contains for a variety of malicious activities.
The passwords in the database could be cracked because DatPiff hashed them using the older and now obsolete MD5 algorithm, which was first developed in 1992. MD5 passwords can be dehashed by comparing hashes to known MD5 wordlists or by using cracking tools in an attempt to brute force the passwords.
In December of last year, BleepingComputer was informed that an attacker was able to breach DatPiff’s website by using a vulnerability scanner that allowed them to access a server with an old database backup.
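The following Python example is added here and is not taken from the article or from DatPiff's systems. It shows why unsalted MD5 records match a precomputed wordlist table and how a per-user salt with a slow key-derivation function (PBKDF2-HMAC-SHA256 at 600,000 iterations, chosen here as an assumption) removes that shortcut. The wordlist, usernames and passwords are constructed.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist and two users who chose the same password.
WORDLIST = ["123456", "password", "mixtape2005", "letmein"]
USERS = {"alice": "mixtape2005", "bob": "mixtape2005"}
ITERATIONS = 600_000  # assumed work factor for the hardened scheme


def md5_hash(password: str) -> str:
    """Legacy storage: unsalted MD5, the scheme the article describes."""
    return hashlib.md5(password.encode()).hexdigest()


def kdf_hash(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def kdf_verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(kdf_hash(password, salt)[1], expected)


def exposed_by_wordlist(stored_md5: dict[str, str]) -> dict[str, str]:
    """Audit helper: stored MD5 values that appear in a precomputed table."""
    table = {md5_hash(word): word for word in WORDLIST}  # built once, reused per record
    return {user: table[h] for user, h in stored_md5.items() if h in table}


def demo() -> dict:
    legacy = {user: md5_hash(pw) for user, pw in USERS.items()}
    hardened = {user: kdf_hash(pw) for user, pw in USERS.items()}
    return {
        "md5_identical": legacy["alice"] == legacy["bob"],
        "md5_exposed": exposed_by_wordlist(legacy),
        "kdf_identical": hardened["alice"][1] == hardened["bob"][1],
        "kdf_verifies": kdf_verify("mixtape2005", *hardened["alice"]),
        "kdf_rejects": kdf_verify("letmein", *hardened["alice"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With unsalted MD5, one table built from the wordlist resolves every matching record at once; with a per-user salt, the same password yields a different stored value for each account, so no shared table applies.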
Although DatPiff has yet to release a statement or notify its users by email regarding the incident at the time of writing, anyone with an account on the site should change their password immediately and consider using a password generator to create strong passwords as well as a password manager to store them securely.
Via BleepingComputer
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.