Spotify is one of the famous music streaming services with millions of users. However, users of the music streaming service were targeted by attackers using credential-stuffing approaches and due to this credential-stuffing operation, subscribers of Spotify streaming music service may have experienced some disruption
Credential stuffing takes advantage of people who reuse the same passwords across multiple online accounts.
Attackers use IDs and passwords stolen from another source, such as a breach of another company or website, that they then try to use to gain unauthorized access to other accounts, trying the stolen logins against various accounts using automated scripts. Cybercriminals have successfully leveraged the approach to steal data from various popular companies.
Researchers at VpnMentor’s released a database containing more than 380 million individual records, including login credentials and other user data, actively being validated against Spotify accounts. The database contained over 72 GB of data, including account usernames and passwords verified on Spotify; email addresses; and countries of residence. The login credentials used by the hackers were stolen from another platform, app or website to access Spotify accounts.