Cloud Hosting

Security researchers announced on Monday (23) the discovery of a database with at least 350,000 passwords for Spotify users stolen by hackers and stored on a cloud server without any password, available to anyone who wanted to access it. them.

Working on a project that scans the internet for unprotected data, researchers Ran Locar and Noam Rotem, from the security website vpnMentor, came across this huge database, which may also have been discovered and copied by other hackers.

In an interview with the CNET website, Locar warns of a fundamental principle to be applied when choosing passwords for accounts: The lesson for the end user is: do not recycle your password. Eventually, one of them will be exposed. For him, reusing the same password for several sites and applications is one of the most risky things, as it exposes all your logins.

The hackers who obtained Spotifys passwords did not need to breach the streaming services systems. The capture of passwords depended only on a cache of logins stolen in previous breaches and a little patience to test them one by one.

According to CNET, the attackers were successful simply because Spotify account holders were reusing passwords for other accounts they owned on the internet, a basic security mistake. Hackers just experimented with the combinations in the music service, using a technique called credential filling.

It was not clear what the hackers were doing with the 150,000 stolen passwords. These accounts are usually sold to other users at a discount or used fraudulently to increase the performance of certain songs. Spotify has already requested a password reset for all affected users.

Original post:
Hackers steal and save Spotify login information - Somag News