2020-11-23

A security report submitted by vpnMentor reveals that more than 300,000 Spotify users were victims of “credential stuffing.” This is a practice cybercriminals use to hijack accounts whose passwords are weak and “often reused, online”.

vpnMentor notes that the origins of this operation are unknown, but it is clear that the hackers were targeting Spotify and its users. In this regard, the research team points out:

“The hackers were possibly using login credentials stolen from another platform, application or website and using them to access Spotify accounts.”

More than 380 thousand accounts were compromised

They add that the records occupied 72 GB, equivalent to more than 380 thousand profiles, and included login credentials and other user data that were being validated against the Spotify service. They also point out that the account data sat on an insecure platform whose server runs Elasticsearch.

What were the hackers after? Basically, access to users' Premium accounts and the benefits they offer: the company's wide catalog of songs and the ability to download thousands of songs on up to three different devices, among other features.

How did Spotify solve this situation?

Upon receipt of the report from vpnMentor, the streaming service “initiated a continuous password reset” for the accounts that were victims of the attack. In this way, the credentials currently used by hackers are rendered invalid.

What is clear here is that hackers exploit weaknesses in our passwords to access platforms like this and take advantage of the benefits they offer us. We must be vigilant, since by not using secure passwords we could expose our data on other sites that could be even more dangerous.

The recommendation is to update our passwords regularly, in addition to using more reliable security standards. Remember that the best way to deal with a cyberattack is prevention.
