Already this summer, Spotify asked its users to change their login information as the service became the target of a hacker attack.
„Credential Stuffing“ attack
The criminals gained access to the data with a „Credential Stuffing“ attack, in which user login data is tried out on various services. The attackers often have an easy time of it. Most users use simple passwords and this several times at different services. Passwords like 12345, soccer or starwars are still commonplace. The known login data are then tried out at various portals to gain access. The attack on the access data of Spotify users has only now become officially known. More than 300,000 users were affected.
To carry out the attack, the criminals used a database with more than 380 million entries. The database was discovered by the experts of VPNMonitor. It seems that the database was created by a third party, who exactly created this Elasticsearch database is not known yet. It is a size of 72 GB with passwords...
