San Francisco, Nov 24: Music streaming service Spotify has launched a rolling password reset of some consumer accounts after an open database containing the credentials of some users was uncovered, said a report.
VPN review website vpnMentor on Monday said that its research team, led by Noam Rotem and Ran Locar, discovered a possible credential stuffing operation whose origins are unknown but which affected some online users who also have Spotify accounts.
Credential stuffing is a hacking technique that takes advantage of weak passwords that consumers use — and often re-use — online.
“We unearthed an Elasticsearch database containing over 380 million records, including login credentials and other user data being validated against the Spotify service,” vpnMentor said in a blog post.
“The origins of the database and how the fraudsters were targeting Spotify are both unknown. The hackers were possibly using login credentials stolen from another platform, app, or website and using them to access Spotify accounts,” it added.
“These credentials were most likely obtained illegally or potentially leaked from other sources that were repurposed for credential stuffing attacks against Spotify,” Rotem and Locar said.