Spotify Was Hacked; 350 Thousand Accounts Were Seized
Security researchers discovered an unsecured database containing the logs of an account hijacking campaign. They found it because it was left unprotected and reachable over the Internet. It held more than 380 million individual records, including credentials used to log into 300,000 to 350,000 Spotify accounts. The dataset also contained other sensitive information about the affected people: their usernames and passwords, along with their email addresses and countries of residence.
The data trove was stored on an unsecured Elasticsearch server discovered by vpnMentor. Both the source and the owners of the database are unknown. However, the researchers confirmed with Spotify that the data was authentic. It was reported that the information was used in fraudulent attempts against the company and its users.
Credential stuffing attacks are automated attacks in which bots try to log in to websites or services using credentials stolen elsewhere, often in earlier data leaks. The bots replay and vary the stolen login data until they find a combination where an “old” username and password from one breach still works on the new website being attacked, and then gain access to the account. Using multi-factor authentication significantly reduces the likelihood that such attacks succeed. However, Spotify doesn’t support this option.
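The pattern described above leaves a characteristic trace on the defender's side: one source attempting logins to many distinct accounts with a very low success rate, which is quite different from a legitimate user mistyping a password. The following is an added example, not code from the original article or from Spotify; the log format, IP addresses and usernames are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed log format: timestamp ip=<addr> user=<name> result=<success|fail>
LINE_RE = re.compile(r"ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>success|fail)")


def build_sample_log():
    """Constructed sample: one real user who mistypes once, and one bot
    replaying 50 leaked username/password pairs of which 3 still work."""
    lines = [
        "2020-07-10T12:00:01Z ip=198.51.100.7 user=alice@example.com result=fail",
        "2020-07-10T12:00:09Z ip=198.51.100.7 user=alice@example.com result=success",
    ]
    for i in range(50):
        result = "success" if i % 17 == 0 else "fail"  # i = 0, 17, 34 -> 3 successes
        lines.append(f"2020-07-10T12:01:{i % 60:02d}Z ip=203.0.113.5 "
                     f"user=u{i:02d}@example.com result={result}")
    return "\n".join(lines)


def parse(log_text):
    """Turn log lines into (ip, user, succeeded) tuples; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((m["ip"], m["user"], m["result"] == "success"))
    return events


def detect_credential_stuffing(events, min_users=20, max_success_rate=0.2):
    """Flag sources that tried many distinct accounts but mostly failed.
    A normal user hits one or two accounts; a bot replaying a leaked list hits
    many, and only the small fraction of reused passwords succeeds."""
    per_ip = defaultdict(lambda: {"attempts": 0, "successes": 0, "users": set()})
    for ip, user, ok in events:
        stats = per_ip[ip]
        stats["attempts"] += 1
        stats["successes"] += int(ok)
        stats["users"].add(user)
    flagged = {}
    for ip, stats in per_ip.items():
        rate = stats["successes"] / stats["attempts"]
        if len(stats["users"]) >= min_users and rate <= max_success_rate:
            flagged[ip] = {"attempts": stats["attempts"], "successes": stats["successes"],
                           "distinct_users": len(stats["users"]), "success_rate": round(rate, 3)}
    return flagged


if __name__ == "__main__":
    print(detect_credential_stuffing(parse(build_sample_log())))
```

The successful logins from a flagged source are the accounts to force a password reset on, which is what Spotify did for affected users.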
The research team contacted the Swedish audio streaming giant, which responded immediately on July 9. Spotify then resolved the issue within eleven days, from 10 to 21 July. Affected users were required to change their passwords.
Exposed Database Errors
This incident did not originate with Spotify. The exposed database was owned by a third party who used it to store Spotify credentials. These credentials were most likely illegally obtained, the researchers said. Or they could have been leaked from other sources used in credential stuffing attacks on Spotify, he said.
The continued success of credential stuffing attacks can largely be attributed to poor password hygiene among users. Unfortunately, many people still make one of the fatal mistakes in choosing passwords: reusing the same password across sites or sharing their login details with others. Lists of the most used passwords, led by entries such as “123456” and “123456789”, show over and over again how carelessly people treat their accounts.
To protect your online accounts and confidential data, you must first set a secure and unique password for each account. Even better, use a password manager to store your passwords: it also generates new, secure passwords in no time and requires you to remember only one master password. The next level of security is multi-factor authentication. It provides a significant improvement in protection and should be activated wherever possible.