Spotify Hack – Over 300k Accounts Hacked in Credential Stuffing Attack

Researchers have recently identified a potential credential stuffing operation targeting users who have Spotify accounts. The origin of the operation is unknown, but it was confirmed that it had affected some online users who have Spotify accounts.

The threat actors are using credential stuffing, a hacking method that takes advantage of the weak passwords that users choose and usually reuse across online services.

Users have complained that their Spotify accounts were hacked soon after the passwords were altered and that new playlists appeared in their profiles. They also said that strangers from other countries had been added to their family accounts.

Event Summary

A full summary of the incident follows:

  • Company targeted: Spotify
  • Company Headquarters: Stockholm, Sweden
  • Industry: Music Streaming and Media
  • Size of data in gigabytes and number of records: 72 GB; 380+ million records
  • Suspected no. of users: 300,000 – 350,000
  • Date range/timeline: Unknown
  • Geographical scope: Unknown
  • Types of data exposed: Email addresses; login credentials (usernames and passwords)
  • Potential impact: Identity Theft & Fraud; Scams, Phishing and Malware; Account Abuse; Credential Stuffing
  • Data storage format: Open and unencrypted Elasticsearch server; exposed MySQL servers.

Discovery & Investigation Timeline

The experts said it is very important to establish what has been hacked and what has not, and that learning all the details of a breach takes time and attention.

After investigating the whole matter, the cybersecurity researchers established the following timeline:

  • Date discovered: July 3rd, 2020 
  • Date Spotify contacted: July 9th, 2020
  • Date of Response: July 9th, 2020
  • Date of Action: Between July 10th and July 21st

What experts discovered and found in the Database

The experts discovered that this operation does not originate from Spotify. All the exposed databases belong to a third party that was using them to store Spotify login credentials.

Credential stuffing is one of the common methods threat actors use to access private accounts on mass platforms like Spotify. The hackers also target online businesses that deal with easy and weak passwords.

The database contained nearly 72GB of data, including 380+ million individual records. Its origin is still unknown, and the experts are trying to determine it.

Data Exposed

The following data was exposed in this operation:

  • Account usernames and passwords verified on Spotify
  • Email addresses
  • Countries of residence

Potential Impacts of this event

  • Financial Fraud and Identity Theft
  • Phishing Scams and Malware
  • Account Abuse
  • External Account Takeover

Security experts’ recommendations

  • If users reused their Spotify password on other accounts, they should change it quickly to protect those accounts from being hacked.
  • The experts also recommend that users use a password generator to create unique, strong passwords for every individual account they have, and change them regularly as needed.
  • In response to this operation, Spotify has launched a ‘rolling reset’ of passwords for all users affected by this stuffing attack.
  • It is essential to keep all the information safe and secure by keeping proper track of your Spotify account.
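
One way a service could choose which accounts to include in a password reset like the one described above, shown as an added example that is not Spotify's code or part of the original article: check each record from an exposed credential database against the stored salted password hashes and flag only accounts whose current password still matches. The user table, the PBKDF2 parameters and every record below are constructed assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 10_000  # assumption: kept low so the demo runs fast; real deployments use far more


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for the service's real password hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_user_store(accounts: dict) -> dict:
    """Build a constructed user table: lowercased email -> (salt, stored hash)."""
    store = {}
    for email, password in accounts.items():
        salt = os.urandom(16)
        store[email.lower()] = (salt, hash_password(password, salt))
    return store


def accounts_needing_reset(user_store: dict, exposed_records: list) -> list:
    """Return the emails whose current password matches an exposed record."""
    flagged = set()
    for email, leaked_password in exposed_records:
        key = email.strip().lower()
        entry = user_store.get(key)
        if entry is None:
            continue  # exposed record does not belong to one of our accounts
        salt, stored_hash = entry
        candidate = hash_password(leaked_password, salt)
        if hmac.compare_digest(candidate, stored_hash):  # constant-time comparison
            flagged.add(key)
    return sorted(flagged)


# Constructed sample data: no real accounts or leaked values.
USERS = make_user_store({
    "alice@example.com": "Summer2020!",
    "bob@example.com": "k7#Vq9z!Lm2x",
    "carol@example.com": "password123",
})
EXPOSED = [
    ("alice@example.com", "Summer2020!"),  # reused password, still current
    ("BOB@example.com", "oldpassword"),    # exposed, but no longer the current password
    ("carol@example.com", "password123"),  # weak password, still current
    ("dave@example.net", "letmein"),       # not a customer
]

if __name__ == "__main__":
    for email in accounts_needing_reset(USERS, EXPOSED):
        print("force reset:", email)
```

Only accounts whose exposed password is still valid are flagged, so users who already changed their password are not reset again.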


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.