Date: 2020-11-24

The personal and login details of more than 350,000 Spotify users have been discovered in a large 72GB database containing more than 38 million records, which was left exposed on the Internet, according to research carried out by the company vpnMentor.

Users who reuse their passwords across different digital platforms are the target of cybercriminals who use the technique known as “credential stuffing”

Researchers from the company found this information on an Elasticsearch search server, where it was available unencrypted and anyone could access it. The cybercriminals who obtained it possibly neglected to protect the information.

The data is believed to have been obtained through a technique called “credential stuffing” (literally, “credential filling”), which consists of taking email addresses and passwords from other platforms, applications or websites that have already been exposed on the Internet and trying them until the hackers find the ones that work for logging in to Spotify.

Although it may seem like an arduous task for hackers, it is not so hard, because many users repeat or “reuse” the same password for different online services. That is why it is always recommended to change passwords regularly and not to use the same password for different online platforms, because if one is exposed, the rest of the services would also be compromised.
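From the defender's side, the pattern described above (one source trying many different accounts, mostly failing, with an occasional hit where a password was reused) can be spotted in login records. The following is an added example, not part of the original article or of Spotify's or vpnMentor's tooling; the event format, function name, thresholds and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, account, login_succeeded).
SAMPLE_EVENTS = (
    # One source trying six different accounts once each; one reused password works.
    [("203.0.113.7", f"user{i}@example.com", i == 3) for i in range(6)]
    # One person mistyping a password twice before getting it right.
    + [("198.51.100.20", "maria@example.com", ok) for ok in (False, False, True)]
    # A shared office address: several accounts, all logging in normally.
    + [("192.0.2.44", f"staff{i}@example.com", True) for i in range(5)]
)


def flag_stuffing_sources(events, min_accounts=5, max_success_ratio=0.2):
    """Flag sources that try many distinct accounts and mostly fail.

    The thresholds are illustrative assumptions, not values from the article.
    Returns {ip: {"accounts_tried": int, "accounts_to_reset": [account, ...]}}.
    """
    attempts = defaultdict(int)   # total login attempts per source
    accounts = defaultdict(set)   # distinct accounts tried per source
    hits = defaultdict(set)       # accounts the source logged in to

    for ip, account, ok in events:
        attempts[ip] += 1
        accounts[ip].add(account)
        if ok:
            hits[ip].add(account)

    flagged = {}
    for ip, tried in accounts.items():
        success_ratio = len(hits[ip]) / attempts[ip]
        if len(tried) >= min_accounts and success_ratio <= max_success_ratio:
            flagged[ip] = {
                "accounts_tried": len(tried),
                # These accounts accepted a leaked password and need a reset.
                "accounts_to_reset": sorted(hits[ip]),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in flag_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, info)
```

Only the first source is flagged; the single user who mistyped a password and the shared address with normal logins are not.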

Among the information collected from Spotify users are usernames, account passwords, email addresses and countries of residence. Several IP addresses were also found, but they are believed to belong to the proxy servers of the network operators where the data is hosted.

Spotify has been notified of what happened and has reset the accounts and logins of affected users. In addition, it has sent them an email asking them to change their login credentials and has recommended that they use a password that is completely different not only from the previous one, but also from those they use on other digital platforms.

Although it is difficult to ensure that a user does not reuse the same password across different accounts, Spotify has contacted its users by email explaining what has happened and recommending that they not reuse passwords.

For its part, vpnMentor has recommended that affected users also log in to their accounts on other online services and immediately change their passwords, because the data is still exposed. It has also advised using random password generators when creating a password, and using password strength checkers to find out how strong a password is before finally using it.

