Spotify Allegedly Hacked…Again
Tech Crunch is reporting streaming music service Spotify has allegedly been hacked…again. They were previously breached in 2009 and 2014 as well as February 2016 according to Naked Security by Sophos. A list of hundreds (if not more) of credentials were spotted on the website Pastebin.
The list includes emails, usernames, passwords, account type and other details. Tech Crunch reached out to a random sampling of the victims and confirmed the accounts were compromised. Some noticed weird activity such as songs on the recently played list that they didn’t listen to. Some users reported getting kicked off the service, some in the middle of songs, which is a characteristic of account hijacking, man-in-the-middle attacks, or session hijacking.
However Spotify told Mashable “Spotify has not been hacked and our user records are secure. We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”
This could potentially be true. It could be a delayed leak of the compromised accounts from February or 2014. Where this takes an interesting turn and slightly diminishes the credibility of Spotify is that many users are locked out of their accounts and are having trouble coordinating with Spotify to rectify the issue.
If you have an account with Spotify, then as BGR recommends you should change your password immediately. Currently the hack is only suspected with Spotify denying all claims. Even if the company wasn’t hacked it would be in the best interest to change your password to ensure you keep your account. It seems as if those who are harvesting the credentials are testing Spotify users for password re-use.
This can be catastrophic as most users do use the same password (or a variant) most everywhere. This creates a scenario where a password manager like Agile Bits 1Password can help a user. The software maintains a vault of all passwords and generates human unreadable passwords for various websites. If you have a credit card associated with your account, then you should activate credit monitoring or at least monitor all account activities in the foreseeable future and contact the card issuer.
If you think your data may have been compromised in this breach or any other, please check out HaveIBeenPwned and enter your email address.
Other APS Posts
MedStar Health Cybersecurity Fails to Prevent Attack
Adobe Patches Exploited Vulnerability
Ransomware Locks MBR
Iranian hackers hit with Federal charges
Spear Phishermen Target Corporate W-2 Data
Google Fixes Kernel Vulnerability
4 Things to Know About Ransomware
Ransomware Hits Mac Computers
IRS Targeted in Another Cyberattack
Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
Be sure to subscribe to this blog and to our Podcast.
If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.