Spotify Account Hacked

If you use the Spotify music streaming service, you probably assume that your personal data is reliably protected; after all, this is the giant of the global music streaming industry and the market leader. As it turned out, not everything is so serene.

Investigators found an unsecured database online that contained 380 million entries, including login details that were used to hack 350,000 Spotify accounts. What did the disclosed data contain? Confidential information such as logins, passwords, email addresses and countries of residence. The Swedish giant confirmed both the veracity of the data and the fact that cybercriminals were using it. So far, it has not been possible to establish who owns the data, but it is known that the popular music service is not responsible for the incident: the exposed database belonged to a third party that leaked or stole the data.

Immediately after the incident became known, procedures were put in place to restore the safety of users. Within eleven days, Spotify addressed the issue by, among other things, requiring a password reset for all at-risk users. However, the scale of this incident could have been smaller if the website had allowed users to use two-factor authentication.

Spotify user data was used for credential stuffing attacks. What does this mean? It is a technique in which cybercriminals use bots to take over accounts. The attack is automated: the bots make one login attempt after another using stolen credentials from a captured database.
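
From the service's side, this pattern is visible in login logs. The sketch below is an added example, not code from Spotify or from this article; the log format, the sample lines and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.20 carol@example.com FAIL
2024-01-01T10:00:01 203.0.113.7 user01@example.com FAIL
2024-01-01T10:00:02 203.0.113.7 user02@example.com FAIL
2024-01-01T10:00:03 203.0.113.7 user03@example.com OK
2024-01-01T10:00:04 203.0.113.7 user04@example.com FAIL
2024-01-01T10:00:05 203.0.113.7 user05@example.com FAIL
2024-01-01T10:00:20 198.51.100.20 carol@example.com OK
2024-01-01T10:05:00 192.0.2.44 dave@example.com FAIL
2024-01-01T10:05:02 192.0.2.44 dave@example.com FAIL
"""

def parse(log_text):
    """Yield (time, ip, user, success) tuples, skipping lines without four fields."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield (datetime.fromisoformat(parts[0]), parts[1],
                   parts[2].lower(), parts[3] == "OK")

def detect_stuffing(log_text, window=timedelta(minutes=5),
                    min_accounts=5, min_fail_ratio=0.8):
    """Map each flagged source IP to the accounts it logged in to.

    Flagged: in one sliding window the source tried >= min_accounts distinct
    usernames and most attempts failed (many accounts, few tries each).
    """
    by_ip = defaultdict(list)
    for event in sorted(parse(log_text)):
        by_ip[event[1]].append(event)
    flagged = {}
    for ip, events in by_ip.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            fails = sum(1 for e in span if not e[3])
            if (len({e[2] for e in span}) >= min_accounts
                    and fails / len(span) >= min_fail_ratio):
                # Successes from a flagged source are likely takeovers: reset them.
                flagged[ip] = sorted({e[2] for e in events if e[3]})
                break
    return flagged
```

On the sample lines, only the source that cycles through many usernames is flagged; the user who mistypes a password once and the source retrying a single account are not.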

This method is extremely effective if the victim uses the same password on different portals. These types of attacks continue to grow in popularity because users continue to choose simple passwords, share them with other people, and, most of all, set the same password on different websites. Many users still feel that they do not need a strong password for everyday use. Among the most popular passwords of 2022, simple passwords such as 123456 and 123456789 are invariably in the lead.

Leaked credentials also allow attackers to identify users on other sites. Do you have a Facebook or Instagram account, or maybe you use Netflix? The data obtained in this way can be used for targeted, personalized attacks. Undoubtedly, sending phishing messages to people who are known to use a given site increases the likelihood of a successful attack by cybercriminals.

How can we protect ourselves from the misuse of our sensitive data? Start by setting a strong and unique password. We recommend that you use a password manager. It is a handy tool that generates and saves a complex password for every website you use, so the only thing you need to remember is the master password for the manager. Use two-factor authentication whenever possible; most websites now offer this feature. Remember, if your data has been leaked or stolen, change your password first.