Over 300K Spotify users targeted in credential stuffing attack

Over 300K Spotify users targeted in credential stuffing attack

Researchers from vpnMentor uncovered a possible credential stuffing operation that affected some Spotify accounts. The scheme was discovered after the researchers came across an Elasticsearch database containing over 380 million records, including login credentials and other user data collected from various sources, which the hackers were using to gain access to Spotify accounts. vpnMentor estimates that the number of impacted users ranges between 300,000 - 350,000.

Credential stuffing is a hacking technique that takes advantage of weak passwords that consumers use (and often re-use) online.

“In this case, the incident didn’t originate from Spotify. The exposed database belonged to a 3rd party that was using it to store Spotify login credentials. These credentials were most likely obtained illegally or potentially leaked from other sources that were repurposed for credential stuffing attacks against Spotify,” the researchers said.

It is not clear, who is behind the campaign or how the fraudsters were targeting Spotify.

The discovered database included 380 million records, with each record containing login name (email address), a password, and whether the credentials could successfully login to a Spotify account.

After the researchers contacted Spotify over the issue, the company initiated a ‘rolling reset’ of passwords for all users affected.

“As a result, the information on the database would be voided and become useless,” vpnMentor said.


Back to the list

Latest Posts

Cyber Security Week in Review: July 4, 2025

Cyber Security Week in Review: July 4, 2025

In brief: Google patches Chrome 0Day, the US is on the hunt for North Korean IT workers, and more.
4 July 2025
AI chatbots fall for phishing scams

AI chatbots fall for phishing scams

The models provided the correct URL only 66% of the time; nearly 30% of responses pointed users to dead or suspended domains.
3 July 2025
Chinese hackers exploited Ivanti flaws in attacks against French government

Chinese hackers exploited Ivanti flaws in attacks against French government

ANSSI believes that the Houken campaign is operated by ‘UNC5174’, an entity believed to act as an initial access broker for China’s Ministry of State Security.
2 July 2025