What Happened
In December 2021 (with some sources citing late 2021 or August 25, 2021, and possible origins as early as 2020), DatPiff.com, a popular hip-hop mixtape hosting platform, suffered a data breach where attackers accessed and stole its user database, exposing approximately 7.5-7.7 million records including usernames, email addresses, hashed or cracked plaintext passwords (originally MD5 with static salt), and security questions with answers. The stolen data quickly surfaced for sale on underground hacking forums, was dehashed in subsequent releases, and eventually leaked publicly for free, heightening risks of phishing, credential stuffing, and account takeovers for affected users. DatPiff did not publicly acknowledge the incident, leaving users to check services like Have I Been Pwned for exposure. Conflicting reports exist on exact record counts (e.g., 7,476,940 vs. 7,693,653) and additional data like phone numbers or addresses (mentioned only in less authoritative sources), but core exposed fields align across credible trackers.
