Credential stuffing attack hits over 300,000 Spotify accounts
With its increased popularity in 2008 (just 2 years after the launch), the audio streaming platform has been a cyberattack victim several times.
A “credential stuffing” attack reportedly had hit Spotify in the summer of 2020. This cyberattack could have allowed hackers to take over user accounts, disrupting playlists and profiles, with around 300 million Spotify attacks at risk.
This week, a report from VPNMentor has highlighted how a database containing over 380 million records is currently being used to hack into Spotify accounts. The company’s app and online platform were both affected.
It’s unclear how the database was compiled, but such resources are typically put together following major data breaches or cyberattacks on other online targets before being released either for free or underpayment on the Dark Web.
“In response to several media inquiries, Spotify initiated a ‘rolling reset’ of passwords for all users affected. As a result, the information on the database would be voided and become useless,” the researchers stated. However, this rolling password reset will only protect your Spotify account and no other digital accounts where you would’ve used the same login credentials.
Spotify added that all compromised accounts were issued a password reset in July. Users should change their login details now if they haven’t already. Suppose if you have re-used your Spotify passwords on other accounts. In that case, these should also be changed immediately in order to make sure no weak spots remain.
Do you want to know what credential stuffing is? Read our article on what credential stuffing is and how it works.