Researchers found Spotify was being used for credential-stuffing attacks.

Spotify has reportedly begun resetting the passwords of up to 350,000 accounts that were breached as the result of a credential-stuffing attack. A company called vpnMentor, as found by ZDNet, says that it discovered a treasure trove of hacked account data available online. This information was used by some nefarious types to gain access to the streaming music platform and generally cause havoc. ZDNet says that the company has now begun

Credential stuffing is the art of using data from one leak and using it to access otherwise secure accounts elsewhere. If you re-use your passwords, then if Site A is breached and hackers get hold of your email address and password, they can easily try them to access Site B. vpnMentor said that it found the cache of third-party data in July, and it notified Spotify on July 9th, at which point the streaming platform took action. It’s worth saying that Spotify itself was not breached, but that the login details were aggregated from other hacks.

As with all incidents of this type, it’s a good reminder to not re-use passwords, and make sure that you keep your passwords updated. If you don’t fancy doing that yourself, you can always avail yourself of a third-party password manager like LastPass, which also proactively warns you if your passwords show up in these sorts of databases. Spotify adds that users concerned about their privacy should head to a page with advice on how they can protect their account.

Source:
courtesy of ENGADGET

by Daniel Cooper

If you have any stories or news that you would like to share with the global online community, please feel free to share it with us by contacting us directly at [email protected]