Hundreds of thousands of Spotify users hacked in credential-stuffing incident
The company has reset the passwords for all affected accounts.
Public sources report that 300,000–350,000 Spotify accounts have been hacked by malefactors using credential-stuffing methods. The cybercriminals likely used a database of 380 million records compiled from various breaches of other resources to break in to users’ accounts. The database includes fields for e-mails and passwords, as well as one that identifies which credentials let one log in to the user’s Spotify account.
The company has reset passwords for all affected users as a countermeasure, thus making the database in question useless for malefactors.
What you can do:
- Never reuse your password across services. Use a unique and strong password for every website and app with which you have an account.
- If you use your Spotify password on any other services, change it everywhere.
- Stay alert to possible phishing attacks; hackers may leverage the accessed personal information for scams.