And for good cause, Spotify is easily one of the world’s most popular music streaming services: it’s easy and its music library is vast (and continuously growing). However the broader the user base of the app becomes the higher the chance of a security violation becomes, which Spotify’s fans have recently learned the hard way. A third-party network breach, which leaked login credentials and led the company to restore up to 350,000 passwords, affected hundreds of thousands of users.
Spotify itself has not been threatened or compromised in any manner in (as far as we know), to be completely honest. As large login databases leak into the internet, credential stuffing attacks occur and hackers continue to use the leaked passwords in as many sites as possible. They would eventually be able to get access to at least a number of places and facilities.
Your odds of being caught in one of these breaches falls to almost zero if you exercise good password hygiene and guarantee that you do not reuse the same login credentials across several websites or services. However, not everybody does this, and those of us of less than tech savvy relatives know.
Sadly, for Spotify, well over 300,000 of its users seem to have fallen into that camp. If you are one of them and have recently got a Spotify password reset email, we strongly suggest that you reset your password on any other websites on which you have used the same credentials.
All of this material was revealed in a “72GB database,” holding over “380 million records.” Researchers from vpnMentor, a cybersecurity and internet privacy-focused site, uncovered the database and its presence was widely revealed. Email addresses and countries of origin are used in the other vpnMentor data included in the collection.
Again, none of this is the fault of Spotify. As vpnMentor points out, companies can not stop customers from using and re-using faulty passwords—they can only help consumers recover their credentials, which is why this mass password reset was carried out by Spotify.