If you have an account on the Swedish music streaming service Spotify, you cannot be 100% sure that it will not be hacked sooner or later and that your personal data will not end up on the Internet.
Practice proves just that. Recently, 380 million Spotify accounts were hacked; this is the number of users stated by the Swedish music giant. Experts found an unsecured database on the network containing 380 million records, including the login details used to hack Spotify accounts. The 72 GB database, containing more than 380 million personal data records, was available online. Although this information is no longer available on the Internet, it could have been copied by hackers. The following information was publicly available:
• user account names;
• e-mail address;
• country of residence.
Spotify automatically reset the passwords of users whose accounts were hacked. The actions taken by the Spotify team are certainly commendable. Within eleven days, the Spotify programmers had solved all the security issues. But experts are confident that such a tragedy might not have happened if the developers of the Swedish music streaming service had offered users two-factor authentication.
According to vpnMentor, which discovered the problem, the database found on the Internet did not belong to Spotify. This means that the hackers themselves collected data from other sources and created this package.
The hackers responsible for stealing Spotify user data were not professionals. They left the stolen data in the cloud without any protection. They succeeded because many users use the same passwords on different services. Thus, by checking passwords taken from various services against logins, one can find the combinations that work. This is certainly a tedious method, but quite effective.
It turned out that they had placed the stolen data on a cloud server without any protection. Thus, almost anyone had access to the data and could easily have taken it over. Fortunately for the users of the platform, this did not happen, as the data was discovered first by two security specialists. They secured it and then informed the service, which reset the passwords for the stolen accounts. Thanks to this, cybercriminals will no longer be able to use the accounts for their activities, for example, to deceive the rating system of the platform or rent them out to others.
You should be aware that although the criminals no longer have access to the accounts, they still have the user data. Therefore, if a user has the same password on different services, there is a high probability that attackers can hijack those other accounts.
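As an added illustration (not Spotify's or vpnMentor's code), here is how a service that is handed such a list of exposed logins could decide which of its own accounts need a forced password reset and which only need a warning. The store layout, the PBKDF2 settings, the function names and the sample data are all assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption for this sketch; use your store's real KDF settings

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 digest, standing in for the service's real KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_record(password: str) -> tuple[bytes, bytes]:
    """Build the (salt, hash) pair a user store would keep instead of the password."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

def triage_exposed(store: dict, exposed_pairs: list) -> dict:
    """Sort accounts named in an exposed list into 'reset' and 'notify'.

    reset  - the exposed password still matches the stored hash
    notify - the address is in the list, but that password no longer works here
    """
    result = {"reset": set(), "notify": set()}
    for email, password in exposed_pairs:
        key = email.strip().lower()          # dumps are rarely normalised
        record = store.get(key)
        if record is None:
            continue                         # not a user of this service
        salt, stored = record
        if hmac.compare_digest(hash_password(password, salt), stored):
            result["reset"].add(key)
        else:
            result["notify"].add(key)
    result["notify"] -= result["reset"]      # one live match outweighs stale ones
    return result

# Constructed sample data: none of these accounts or passwords are real.
STORE = {
    "alice@example.com": make_record("summer2019"),
    "bob@example.com": make_record("N3w-unique-passphrase"),
    "carol@example.com": make_record("qwerty123"),
}
EXPOSED = [
    ("Alice@Example.com ", "summer2019"),    # reused password, still valid here
    ("bob@example.com", "oldpassword1"),     # exposed, but already changed
    ("bob@example.com", "hunter2"),
    ("dave@example.org", "letmein"),         # belongs to some other service
]

if __name__ == "__main__":
    print(triage_exposed(STORE, EXPOSED))
```

Accounts in the "notify" group were not compromised on this service, but their owners' addresses and old passwords are in circulation, which is the residual risk the last paragraph describes.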