The passwords of up to 350,000 Spotify users were gathered in a database that could be accessed by anyone. The exposure of the information did not occur due to a security breach of the streaming service, but due to the reuse of passwords from other services. In all, 380 million records were exposed, including, in addition to the password, other account data on the platform.
The incident was discovered in July by security researchers at vpnMentor, but it was only disclosed this Monday (23). According to Noam Rotem and Ran Locar, who led the investigation, the hackers took emails and passwords found in leaks from other services and tested them against Spotify.
When trying to access the streaming service with this information, the hackers found matches for somewhere around 300,000 to 350,000 accounts. All of these accounts reused passwords from other sites and applications. The researchers found the records because they were stored in an unprotected database.
vpnMentor does not know why the passwords were collected, but says the records could be used in schemes ranging from banking scams to phishing aimed at the users whose passwords were exposed.
“The exposed database can be used in many criminal schemes, not only by the fraudsters who created it, but also by any malicious hackers who, like us, found the database,” says the security company.
Spotify asked users to change passwords
Days after finding the database, the researchers informed Spotify of the exposed information. The company has contacted affected users to ask for their passwords to be reset. With the reset, the database became useless, at least for the streaming service.
However, the passwords can still be tested on other services on the internet. Spotify and the researchers at vpnMentor therefore recommended that users not reuse this information. One way to follow the guidance without running the risk of forgetting your credentials is to use an application to manage your passwords.
With information from CNET.