
Hundreds of thousands of Spotify users hacked in credential-stuffing incident
The company has reset the passwords for all affected accounts.
Public sources report that 300,000–350,000 Spotify accounts have been hacked by malefactors using credential-stuffing methods. The cybercriminals likely used a database of 380 million records compiled from various breaches of other resources to break into users’ accounts. The database includes fields for e-mails and passwords, as well as one that indicates whether the credentials can be used to log in to the user’s Spotify account.
The company has reset passwords for all affected users as a countermeasure, thus making the database in question useless for malefactors.
What you can do:
- Never reuse your password across services. Use a unique and strong password for every website and app with which you have an account.
- If you use your Spotify password on any other services, change it everywhere.
- Stay alert to possible phishing attacks; hackers may leverage the accessed personal information for scams.