Thousands of Spotify passwords stolen

Must Read

Brian Adam
Professional Blogger, V logger, traveler and explorer of new horizons.
- Advertisement -
- Advertisement -
- Advertisement -
- Advertisement -

Information security is very important. It concerns not only large companies but also small users. Losing our data can be much more than a headache, and recovering it perhaps impossible.

In the last hours the existence of a database with hundreds of thousands of Spotify passwords was known. But that would not be all, because apparently said list was stored on a server … without a password. Quite a paradox.

According to the site, the most used passwords in 2020 were, among others: 12345678, password and 111111 …

Cybersecurity experts repeat ad nauseam that we must be careful with our passwords. That we should not use common words, repetitions of numbers or logical sequences or closeness on the keyboard. That we must not repeat passwords and that we must renew them from time to time. That we must use 10 or more characters, uppercase and lowercase letters, and alternately numbers and symbols.

But, according to the site, the most used passwords in 2020 were, among others: 12345678, password and 111111. A horror. However, the simplicity of the code is not everything. Because there are also our social oversights.


In the case that summons us, the passwords were obtained by filling in credentials. According to CNETThat would be about 350,000 passwords.

The site reported that the cybercriminals did not need to breach any systems, but simply used a history of previously stolen credentials, and then tried their luck.

The existence of a database (without password) with hundreds of thousands of Spotify credentials was known …

Apparently thousands of Spotify consumers were reusing passwords across various services, and for that alone cybercriminals were successful. It is that they only had to try the same combinations on the music platform. This technique is called “credential stuffing.”

The problem was that, then, they dumped all the information in various files that were uploaded to a server and left without a password, available to “the community”.

- Advertisement -
Follow us on Google News

Subscribe to our newsletter

To be updated with all the latest news, offers and special announcements.