marking the third hack in the past few weeks of the world's most popular streaming service.
Spotify explained that the leaked data includes email addresses, preferred display names, passwords, gender, and dates of birth.
Spotify said in a statement about the leak: It was due to a flaw in the program that existed during the period between April 9 and November 12 of this year, and the flaw was corrected as soon as it was discovered.
The statement read: “We take any loss of personal information very seriously, and are taking steps to help protect you and your personal information. We have conducted an internal investigation and contacted all of our business partners who may have access to your account information to ensure that any personal information that may have been unintentionally disclosed to them is deleted.
This announcement comes a few days after a hacker named (Daniel) seized some pages of very popular stars in the podcast service, and then used artist pages, including Pop Smoke and Dua Lipa, to announce his love for Donald Trump, and ( Taylor Swift).
Just a week before the aforementioned incident, and specifically at the end of last November, hackers tried to take over user accounts through the extensive entry of credentials. In this type of attack, the attackers bet on people who reuse passwords and try to use the stolen passwords and identifiers in various services with the aim of hijacking the accounts that use that data.
Researchers at information security company vpnMentor found a leaked database containing more than 380 records of Spotify users, including: Login credentials.
"The exposed database was belonging to a third party that was using it to store the credentials to log into Spotify," the company said. She added, "It is likely that these credentials were obtained illegally, or may have been leaked from other sources."
After discovering the hack, Spotify began to reset passwords, rendering the database useless. And now the database has been leaked to service users again. The company encourages users to update passwords for other accounts associated with the same email account.
0 Comments