Hackers try to access Spotify accounts using a database of 380 million subscriptions with login credentials and personal information collected from various sources.
For years, the users they complained that the accounts their Spotify accounts are hacked even after they change their passwords and new playlists appear on their profiles or that they have added foreign contacts from other countries.
A new report details how a database containing over 380 million records, including login credentials, usesare actively involved in hacking Spotify accounts.
300 million subscriptions with user information for Spotify account breach
The usual attack used to steal accounts is called a "credential breach attack". With it, hackers use usernames / password combinations that have been leaked in previous breaches to gain access to user accounts and other online platforms.
Today, VPNMentor released a report on a database that was exposed on the Internet, which contained 300 million combinations of usernames and passwords used on Spotify.
Each entry in this database contains a login name (email address), a password, and possibly these credentials can be successfully linked to a Spotify account, as shown below.
It is not known how the 300 million records were collected. It is most likely through data breaches or large "collections" of credentials, usually issued by hackers free on some platforms.
The researchers they believe the 300 million records listed in the database allowed attackers to breach 300.000 to 350.000 Spotify accounts.
For users whose accounts were compromised, Spotify reset their passwords in July.
Spotify does not support multi-factor authentication, which would significantly increase account security, even though users have been asking for it for some time.