"Up to 350,000 Spotify Accounts Hacked in Credential Stuffing Attacks"
Researchers at vpnMetro have recently found an unsecured internet-facing database containing over 380 million individual records, including login credentials leveraged to break into 300,000 to 350,000 Spotify accounts. The exposed records were stored on an unsecured Elasticsearch server and included various sensitive information such as people’s usernames and passwords, email addresses, and countries of residence. The exposed database belonged to a 3rd party that was using it to store Spotify login credentials. These credentials were most likely obtained illegally or potentially leaked from other sources that were repurposed for credential stuffing attacks against Spotify.
WeLiveSecurity reports: "Up to 350,000 Spotify Accounts Hacked in Credential Stuffing Attacks"