The cracked passwords for almost 7.5 million DatPiff members are being sold online, and users can check if they are part of the data breach through the Have I Been Pwned notification service.
DatPiff is a popular mixtape hosting service used by over 15 million users, allowing unregistered users to download or upload samples for free.
The DatPiff data breach
It is unclear when the data breach occurred, but the DatPiff database was first sold privately and then publicly on hacking forums in July 2020.
The stolen DatPiff database contains 7,476,940 member records, including a user’s email address, password, username, and security question.
On November 30th, another data breach collector began selling the database again on the same hacking forum. However, this time, the passwords were dehashed to include the plain-text passwords along with the email address.