More than 300K Spotify Accounts have become the Victim of Hackers, In credential stuffing attack

Spotify accounts had been a target of hackers, who got these accesses through the personal information of users. This information was obtained through other sources which are still unknown and through login credentials. Users usually face these threats after making a change in their password. For instance, the addition of strangers in their family accounts or the addition of new playlists, etc.

VPNMentor investigated these happening and said in response that leaking of information of Spotify accounts is not a breach on side of Spotify. Because the hackers get this information of users through credential stuffing (it is a type of attack where hackers get the information of users like emails, passwords from various websites)

If we understand how credential stuffing works, if a person uses the same login credentials of whatever site they originated from and the one being stuffed, the hackers will get easy access to their password information. The same case happened in Spotify accounts,

Around 3 lacs accounts of Spotify have become of these stuffing assaults because their emails and passwords were leaked. It is not a result of social networks susceptible to distortion campaigns and no other financial data known to be leaked. This might seem to be the result of getting paid premium for free for Spotify accounts.

The hackers had no concern with the users whatsoever. What they want is to keep the command of Spotify accounts. Therefore, they were trying to deceive Spotify through large collections of credentials and breaches of data normally released by threat actors for free.

However, Spotify said that around 300 million accounts have been listed in their database, and 3 lacs to 3.5 lacs accounts gotten the attack by hackers.

VpnMentor when contacted to Spotify about the leaked database of users and their effect on the accounts and got the reply on the same day,

Spotify said that after being inquired by VpnMentor that they are systematically resetting the passwords of all users being affected by this credential attack, By making all these changes, the information on the database will become unless and when the hacker will try to use this information this access will be rejected.

Many users were asking for multiple verifications system and Spotify responded to it and took a further step to support multiple verifications, which would reduce the security threats of accounts. So, when you find these options available turn multiple verifications on if you want to remain secure but, remember not to try to reuse them among different websites. That’s how credential attacks begin. These hackers have somehow given us a lesson not to reuse the password.

Photo: AFP / Getty Images
Previous Post Next Post