HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • Digital Privacy
    • Digital Identity
    • Good Practices
    • Data Breach Alerts
  • Work from Home: Safety Tips
  • The ABC of Cybersecurity
  • Security Videos
HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • Digital Privacy
    • Digital Identity
    • Good Practices
    • Data Breach Alerts
  • Work from Home: Safety Tips
  • The ABC of Cybersecurity
  • Security Videos
HOTforSecurity
  • Home
  • Threats
    • Security alerts
    • Social Networks Security
    • Mobile & Gadgets Security
    • Tips and Tricks
  • Smart Home Security
  • Digital Privacy
    • Digital Identity
    • Good Practices
    • Data Breach Alerts
  • Work from Home: Safety Tips
  • The ABC of Cybersecurity
  • Security Videos
Alina Bizga
    Share This!
  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn
  • ReddIt
Digital Privacy • Industry News

Over 300,000 Spotify Accounts Compromised in Credential-Stuffing Attack

2 months ago
2 Min Read

An Elasticsearch database with over 380 million records, including login credentials, was used to target Spotify accounts, according to vpnMentor researchers.

Although the origin and owners of the leaked database are unknown, researchers speculate that hackers may have collected the data from previously breached platforms, and used it in credential-stuffing attacks against Spotify platform users.

“The incident didn’t originate from Spotify,” researchers said. “The exposed database belonged to a 3rd party that was using it to store Spotify login credentials. These credentials were most likely obtained illegally or potentially leaked from other sources that were repurposed for credential stuffing attacks against Spotify.”

The database contained over 72 GB of data, such as verified Spotify account usernames, passwords, email addresses, country of residence and, in some instances, IP addresses. However, the IP addresses are believed to have originated from “proxy servers belonging to the operators of the network on which the database was hosted.”

Researchers notified Spotify on July 9, which immediately prompted a mandatory password reset for all affected users.

“Working with Spotify, we confirmed that the database belonged to a group or individual using it to defraud Spotify and its users,” the report said. “We also helped the company isolate the issue and ensure its customers were safe from attack.”

Risks associated with the leak

As with any credential-stuffing attacks and data breaches, affected users should be wary of any phishing emails sent to trick them into exposing additional personal or financial information.

It’s also recommended to reset the passwords for all online accounts that shared the login credential combination with Spotify, to avoid account takeover, fraud, and identity theft. “Fraudsters could use the exposed emails and names from the leak to identify users across other platforms and social media accounts,” the researchers added. “With this information, they could build complex profiles of users worldwide and target them for numerous forms of financial fraud and identity theft.”

Check now if your personal info has been stolen or made public on the internet, with Bitdefender’s Digital Identity Protection tool.

Tagsaccount takeover credential-stuffing attack data leak Spotify vpnMentor

You may also like

Industry News

Dutch Energy Supplier Blames Cyber Intrusion on Data Breaches Suffered by Other Companies

2 days ago
Digital Identity • Digital Privacy • Industry News

Australian Police Email Mistakenly Identifies Gun Owners

2 days ago
Digital Privacy • Industry News

FTC Orders Popular Women’s Fertility-Predictor App to Stop Misleading Users about Health Info Shared with Data Analytics Providers

2 days ago

About the author

View All Posts

Alina Bizga

Alina has been a part of the Bitdefender family for some years now, as her past role involved interfacing with end users and partners, advocating Bitdefender technologies and solutions. She is a history buff and passionate about cybersecurity and anything sci-fi. Her spare time is usually split between her two feline friends and traveling.

FBI Warns of Spoofed Domains Imitating their Website
Manchester United Calls in Experts to Investigate Targeted Cyber-Attack on Its Systems
    Share This!
  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn
  • ReddIt

Promo

1.3m
Fans
Like
104.9k
Followers
Follow
2.7k
Subscribers
Subscribe
19
Subscribers
subscribe
1.4m
Fans Love us

Recent shouts

  • Meurig Parri on Microsoft Ends Support for Windows 7. What You Need to Know
  • Kevin on Cable Haunt vulnerability affects millions of Broadcom cable modems
  • Terry on Ransomware attack forces Arkansas CEO to fire 300 employees days before Christmas
  • Martin on 1&1 Telecom GmbH hit by almost €10 million GDPR fine over poor security at call centre
  • Xander on 1&1 Telecom GmbH hit by almost €10 million GDPR fine over poor security at call centre

Time Machine

January 2021
M T W T F S S
 123
45678910
11121314151617
18192021222324
25262728293031
« Dec    

ANTIVIRUS SOFTWARE FOR HOME USERS

Bitdefender Cybersecurity for Smart Home
Bitdefender Complete Protection
Bitdefender PC Protection
Bitdefender Antivirus for Mac
Bitdefender Mobile Security for Android
Bitdefender Product Comparison

BUSINESS SOLUTIONS

Bitdefender GravityZone Business Security
Bitdefender GravityZone Advanced Business Security
Bitdefender GravityZone Enterprise Security
Bitdefender Hypervisor Introspection

TOOLS & RESOURCES

Renewal for Business Customers
Trial Downloads
Free Antivirus
Free Online Virus Scanner
Free Virus Removal Tools
Live Remote Assistance
Free Tools
Bug Bounty
Press Center

Powered by Bitdefender - a leading cyber security technology provider | Copyright © 2008 - 2016. All rights reserved.
  • Home
  • The Team
  • Terms and Conditions
  • Contact
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok