300,000 to 350,000 Spotify accounts ended up compromised

The streaming music platform Spotify recently issued a security warning saying that as many as 350,000 of its users' accounts have been found to show remote logins and abnormal activity.

The company sent a security email to the affected users reminding them to change their passwords as soon as possible; otherwise, their accounts may see abnormal logins.

Some users reported that their accounts had been logged in on other devices and that unfamiliar songs had appeared in their favorites lists. Clearly, this was not the users' own activity.

The cause is not a security flaw in Spotify itself. Users reused a password that had been leaked elsewhere, which made credential stuffing possible.

“Spotify Playlist” by ciaranj75 is licensed under CC BY-NC-ND 2.0

Credential stuffing is not a flaw in the platform. It refers to the databases of other websites or platforms being leaked, after which hackers use the leaked account and password combinations to try logging in.

If you use the same account and password on various websites, a hacker only needs to get the data from one of those websites to break into all your accounts.

The problem Spotify users encountered this time was credential stuffing. A third party collected 380 million records and then used that data to try to log in to user accounts.

At least 350,000 Spotify accounts were successfully compromised through credential stuffing. A successful compromise here means that the hacker logged in with the account and password.

Of course, Spotify accounts and passwords are not worth much to hackers in themselves. After all, this is just a streaming music platform that is unlikely to contain much private information.

However, hackers will squeeze out whatever value the accounts have, for example by renting or selling accounts with membership subscriptions, which is why the remote logins occur.

After discovering the problem, Spotify stated that users should not reuse the same account and password. Users who discover remote logins on their account must reset their passwords to stay safe.

At the same time, the company has forcibly reset the passwords of the affected accounts. When users try to log in, they will see a reminder to reset the password, and they can only log in again after changing it.
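How a service might spot the pattern described above in its own login records and build the list of accounts for a forced reset, as an added example that is not from the original article or from Spotify. The log format, the thresholds and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample auth log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2020-01-01T10:00:01Z 203.0.113.7 alice@example.com FAIL
2020-01-01T10:00:02Z 203.0.113.7 bob@example.com FAIL
2020-01-01T10:00:03Z 203.0.113.7 carol@example.com OK
2020-01-01T10:00:04Z 203.0.113.7 dave@example.com FAIL
2020-01-01T10:00:05Z 203.0.113.7 erin@example.com FAIL
2020-01-01T10:00:06Z 203.0.113.7 frank@example.com OK
2020-01-01T10:05:00Z 198.51.100.20 alice@example.com FAIL
2020-01-01T10:05:09Z 198.51.100.20 alice@example.com OK
2020-01-01T10:07:30Z 192.0.2.44 bob@example.com OK
"""

def parse(log):
    """Yield (ip, account, succeeded) for each log line."""
    for line in log.strip().splitlines():
        _ts, ip, account, result = line.split()
        yield ip, account, result == "OK"

def find_stuffing(log, min_accounts=5, max_success_rate=0.4):
    """Flag sources that try many distinct accounts and mostly fail.

    Returns {ip: sorted accounts that source logged in to successfully}.
    The thresholds are illustrative assumptions, not tuned values.
    """
    tried, hits, attempts = defaultdict(set), defaultdict(set), defaultdict(int)
    for ip, account, ok in parse(log):
        tried[ip].add(account)
        attempts[ip] += 1
        if ok:
            hits[ip].add(account)
    flagged = {}
    for ip, accounts in tried.items():
        rate = len(hits[ip]) / attempts[ip]
        # One user mistyping a password touches one account; a leaked
        # credential list replayed from one source touches many.
        if len(accounts) >= min_accounts and rate <= max_success_rate:
            flagged[ip] = sorted(hits[ip])
    return flagged

def accounts_to_reset(log):
    """Accounts a flagged source got into: candidates for a forced reset."""
    return sorted({a for accts in find_stuffing(log).values() for a in accts})

if __name__ == "__main__":
    print(accounts_to_reset(SAMPLE_LOG))
```

Grouping by source IP alone misses attempts spread across many addresses, so real deployments combine it with other signals such as new-device or new-location logins per account.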

Via: ZDNet