Weak passwords leave 300,000 Spotify accounts vulnerable to hackers
- The primary cause behind the user credentials of over 300,000 Spotify users getting leaked was weak passwords and their reuse across different platforms.
- The cybersecurity firm behind the discovery, vpnMentor, has not yet been able to ascertain how the information was obtained or who’s behind the attack.
- However, both vpnMentor and Spotify believe that the most likely reason is that these passwords were picked up from other applications and websites.
- Since being informed of the data breach, Spotify initiated a ‘rolling reset’ of passwords for the users who have been affected.
|Size of data|72 GB|
|Number of records|380 million|
|Suspected number of users|300,000 to 350,000|
|Date discovered|July 3|
|Date of contacting Spotify|July 9|
|Date of response|July 9|
|Date of action|July 10 - 21|
|Type of data exposed|Email addresses, login credentials|
As of now, both the origin and owners of the database remain unknown. However, the researchers were able to validate the integrity of the data by contacting Spotify, which confirmed that the information had been used to defraud both the company and its users.
The fault did not lie with Spotify
Credential stuffing is when hackers take advantage of weak passwords that users may be repeating across several accounts. “The hackers were possibly using login credentials stolen from another platform, app, or website and using them to access Spotify accounts,” said vpnMentor’s report.
According to the company, the data breach is not because security was lax at their end, but because users were reusing passwords across different services.
“As the report states, this issue did not originate with Spotify and it accurately describes our outreach to affected users and our actions to protect their accounts. We take any and all fraudulent activity on our service extremely seriously and we are committed to the security of our users’ data,” Spotify’s spokesperson told Business Insider India in a statement.
However, the company does not have any region-specific or country-specific data to shed light on the geographical distribution of the breach.
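As an added example (not taken from vpnMentor's report or from Spotify's own tooling), this is how a service could spot the credential stuffing described above in its own login log and list the accounts that need a forced reset. The log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample (not real data): one 5-minute slice of a login log,
# one line per attempt: "<source_ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
203.0.113.7 alice@example.com FAIL
203.0.113.7 bob@example.com FAIL
203.0.113.7 carol@example.com OK
203.0.113.7 dave@example.com FAIL
203.0.113.7 erin@example.com FAIL
203.0.113.7 frank@example.com FAIL
198.51.100.4 alice@example.com FAIL
198.51.100.4 alice@example.com FAIL
198.51.100.4 alice@example.com FAIL
192.0.2.9 grace@example.com FAIL
192.0.2.9 grace@example.com OK
"""

def parse(log):
    """Yield (ip, username, success) per well-formed line; skip the rest."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2] in ("OK", "FAIL"):
            yield parts[0], parts[1].lower(), parts[2] == "OK"

def classify_sources(log, min_accounts=5, max_tries=2.0, min_fail_ratio=0.7):
    """Label each source IP; thresholds are illustrative assumptions."""
    stats = defaultdict(lambda: {"n": 0, "fails": 0, "users": set(), "hits": set()})
    for ip, user, ok in parse(log):
        s = stats[ip]
        s["n"] += 1
        s["users"].add(user)
        if ok:
            s["hits"].add(user)
        else:
            s["fails"] += 1
    verdicts = {}
    for ip, s in stats.items():
        tries = s["n"] / len(s["users"])      # attempts per targeted account
        mostly_fails = s["fails"] / s["n"] >= min_fail_ratio
        label = "normal"
        if mostly_fails and len(s["users"]) >= min_accounts and tries <= max_tries:
            label = "credential_stuffing"     # many accounts, one or two tries each
        elif mostly_fails and tries > max_tries:
            label = "brute_force"             # many guesses against few accounts
        # Accounts a stuffing source got into are the ones needing a forced reset.
        reset = sorted(s["hits"]) if label == "credential_stuffing" else []
        verdicts[ip] = {"label": label, "reset": reset}
    return verdicts
```

The signal that separates stuffing from brute forcing is breadth: many different accounts, each tried only once or twice, because every username arrives paired with a password already leaked elsewhere.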
How can Spotify users check if they were hacked?
If you were one of the individuals affected by the data breach, you have probably received an email from Spotify to reset your password by now.
The company initiated a ‘rolling reset’ of passwords once the issue came to their notice. This means that it sent out emails to users informing them that their account has been reset with a temporary alpha-numeric password, which they will now have to update when they log in next.
“We are aware of these types of tools that target vulnerable usernames and user passwords, and we strongly discourage users from using the same credentials across different services. That is the most effective way to protect account information from this kind of attack,” advised Spotify.