Spotify has initiated a rolling reset of passwords for up to 350,000 members after their account credentials were found to be compromised.
A research team from vpnMentor discovered an open database in July that stored 380,000 million records. It contained personally identifiable information along with the account credentials. After the team promptly alerted Spotify to the leak, both worked to mitigate the damage and keep the affected accounts safe.
The leaked data from the database did not appear to be a result of a breach in Spotify’s servers. Instead, the research team believes the data were obtained via credential stuffing, a cyberattack that exploits username/password combinations stolen from other services and websites to access a different platform (Spotify).
Credential stuffing is effective because many Internet users recycle the same passwords across multiple sites. To remain safe, use multi-factor authentication whenever possible and frequently change passwords so they remain unique for each site.