Spotify: Thousands of emails and passwords leaked
Posted: Sun Jan 19, 2025 6:18 am
“Researchers at vnpMentor have identified approximately 72 GB of records containing data including passwords and emails of users of the music streaming service”
Spotify login
A new report published by security researchers at vpnMentor reveals that around 350,000 Spotify users had their data breached. The database identified by the company was 72 GB in size and was unprotected, allowing anyone to access it.
Among the leaked data, email addresses and login credentials such as belarus whatsapp list and passwords were identified. The discovery was made on July 3 and reported to Spotify on July 9. The company reportedly contacted affected users between the 10th and 21st of the same month, asking them to change their access password.
The discovery by researchers Noam Rotem and Ran Locar, however, was not due to a flaw in the service itself. Taking advantage of previous leaks, the fraudsters used data from other platforms to access Spotify accounts. The technique then cross-references login and password data, since many are reused.
“Companies cannot prevent this from happening because they do not control the passwords that consumers use (and reuse) online,” the report says. The researchers were unable to identify what the criminals’ intentions were with the database, nor whether it was actually accessed by other users.
Reproduction
Fraudsters can also use credentials to use Spotify's premium service for free. Image: vpnMentor/Disclosure
The impact of leaked data
“If you have been contacted by Spotify to change your password, we suggest you follow their instructions,” the researchers said. They also warn that reusing passwords can be dangerous, as it can potentially expose more than one credential. They also recommend changing your password on other platforms if the same one has been used.
“We recommend using a password generator to create strong, unique passwords for each private account you have,” they say, noting that it’s always best to change these passwords periodically.
The impact of data exposure can be varied. The information could be used in criminal schemes “not only by the fraudsters who created it, but also by any malicious hackers who found the database .”
Spotify login
A new report published by security researchers at vpnMentor reveals that around 350,000 Spotify users had their data breached. The database identified by the company was 72 GB in size and was unprotected, allowing anyone to access it.
Among the leaked data, email addresses and login credentials such as belarus whatsapp list and passwords were identified. The discovery was made on July 3 and reported to Spotify on July 9. The company reportedly contacted affected users between the 10th and 21st of the same month, asking them to change their access password.
The discovery by researchers Noam Rotem and Ran Locar, however, was not due to a flaw in the service itself. Taking advantage of previous leaks, the fraudsters used data from other platforms to access Spotify accounts. The technique then cross-references login and password data, since many are reused.
“Companies cannot prevent this from happening because they do not control the passwords that consumers use (and reuse) online,” the report says. The researchers were unable to identify what the criminals’ intentions were with the database, nor whether it was actually accessed by other users.
Reproduction
Fraudsters can also use credentials to use Spotify's premium service for free. Image: vpnMentor/Disclosure
The impact of leaked data
“If you have been contacted by Spotify to change your password, we suggest you follow their instructions,” the researchers said. They also warn that reusing passwords can be dangerous, as it can potentially expose more than one credential. They also recommend changing your password on other platforms if the same one has been used.
“We recommend using a password generator to create strong, unique passwords for each private account you have,” they say, noting that it’s always best to change these passwords periodically.
The impact of data exposure can be varied. The information could be used in criminal schemes “not only by the fraudsters who created it, but also by any malicious hackers who found the database .”