24 November 2020

Over 300K Spotify users targeted in credential stuffing attack


Researchers from vpnMentor uncovered a likely credential stuffing operation that affected some Spotify accounts. The scheme came to light after the researchers found an exposed Elasticsearch database containing over 380 million records, including login credentials and other user data collected from various sources, which the attackers were using to gain access to Spotify accounts. vpnMentor estimates that between 300,000 and 350,000 users were affected.

Credential stuffing is an attack in which username and password pairs leaked from one breach are replayed, at scale and usually by automated tooling, against the login forms of other services. It works because many people reuse the same password across sites: the attacker does not need to guess or crack anything, only to try a stolen pair and record whether it succeeds.
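The behaviour described above has a recognisable footprint in authentication logs: one source trying many different accounts in a short window, most attempts failing, a few succeeding. The following is an added example, not code from vpnMentor or Spotify, of a simple detector for that pattern. The log format and the sample lines are constructed for the example, and the thresholds (window, minimum distinct accounts, maximum success ratio) are assumptions to be tuned against real traffic.

```python
"""
Credential-stuffing detector over authentication logs (added example).

Heuristic: a single source IP that attempts logins for many *distinct*
accounts inside a short window, with a low success rate, is replaying a
leaked credential list. A legitimate user mistyping their own password
hits one account, and a single compromised password hits one account
from (usually) one source, so neither trips the rule.

The log format below is constructed for this example:
    <ISO-8601 timestamp> <source_ip> <account> <LOGIN_OK|LOGIN_FAIL>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. 203.0.113.7 sprays six accounts and lands one;
# 198.51.100.4 is one user fumbling their own password; 192.0.2.9 is a
# normal successful login.
SAMPLE_LOG = """\
2020-11-20T10:00:01 203.0.113.7 alice@example.com LOGIN_FAIL
2020-11-20T10:00:02 203.0.113.7 bob@example.com LOGIN_FAIL
2020-11-20T10:00:03 203.0.113.7 carol@example.com LOGIN_OK
2020-11-20T10:00:04 203.0.113.7 dave@example.com LOGIN_FAIL
2020-11-20T10:00:05 203.0.113.7 erin@example.com LOGIN_FAIL
2020-11-20T10:00:06 203.0.113.7 frank@example.com LOGIN_FAIL
2020-11-20T10:05:00 198.51.100.4 grace@example.com LOGIN_FAIL
2020-11-20T10:05:10 198.51.100.4 grace@example.com LOGIN_FAIL
2020-11-20T10:05:20 198.51.100.4 grace@example.com LOGIN_OK
2020-11-20T11:30:00 192.0.2.9 heidi@example.com LOGIN_OK
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, account, succeeded)."""
    ts, ip, account, result = line.split()
    return datetime.fromisoformat(ts), ip, account, result == "LOGIN_OK"


def detect_stuffing(log_text, window=timedelta(minutes=10),
                    min_accounts=5, max_success_ratio=0.5):
    """Return {ip: stats} for each source IP whose activity, within some
    sliding window, covers at least `min_accounts` distinct accounts with a
    success ratio at or below `max_success_ratio`. Thresholds are assumed
    values for the example, not calibrated figures."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, account, ok = parse_line(line)
            events[ip].append((ts, account, ok))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()  # chronological, so each window is a contiguous slice
        for i, (start, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            accounts = {acct for _, acct, _ in in_window}
            successes = sum(1 for _, _, ok in in_window if ok)
            ratio = successes / len(in_window)
            if len(accounts) >= min_accounts and ratio <= max_success_ratio:
                flagged[ip] = {
                    "attempts": len(in_window),
                    "distinct_accounts": len(accounts),
                    "successes": successes,
                    # accounts the attacker actually got into: these are the
                    # ones that need a forced password reset
                    "compromised": sorted(a for _, a, ok in in_window if ok),
                }
                break  # one hit per IP is enough to raise an alert
    return flagged


def accounts_to_reset(log_text, **thresholds):
    """Union of accounts successfully accessed by any flagged source, i.e. the
    list a service would feed into a forced password reset."""
    hits = detect_stuffing(log_text, **thresholds)
    return sorted({a for stats in hits.values() for a in stats["compromised"]})


if __name__ == "__main__":
    for ip, stats in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: {stats}")
    print("reset:", accounts_to_reset(SAMPLE_LOG))
```

The success ratio matters as much as the volume: a stuffing run against a site with strong password hygiene succeeds on a small fraction of attempts, whereas a legitimate shared NAT address produces many logins to many accounts but with a high success rate. Real deployments would also key on user agent, ASN and per-account velocity, and would rate-limit or challenge rather than only alert.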

“In this case, the incident didn’t originate from Spotify. The exposed database belonged to a third party that was using it to store Spotify login credentials. These credentials were most likely obtained illegally or potentially leaked from other sources that were repurposed for credential stuffing attacks against Spotify,” the researchers said.

It is not clear who is behind the campaign or exactly how the fraudsters were targeting Spotify.

The discovered database held 380 million records, each containing a login name (an email address), a password, and a flag indicating whether that pair had successfully logged in to a Spotify account. In other words, the attackers had already validated the stolen credentials against Spotify and recorded which ones worked.

After the researchers contacted Spotify about the issue, the company initiated a ‘rolling reset’ of passwords for all affected users.

“As a result, the information on the database would be voided and become useless,” vpnMentor said.

