Are you a Spotify user? If so, you’ve got plenty of company. Spotify has been a huge success in their industry. It has become one of the most popular music streaming services available. With all of the growth and success, this puts a pin on your back for an attack. Researchers at VPNMentor discovered a database of more than 300,000 Spotify user names and passwords available for free on the Dark Web (Check out the full report here).
Why Dark Web scans are important
No information is available about how the database was collected. This information is freely available and hackers have been making regular use of it. They use this information to try and force their way into user accounts. Sadly, it appears that a significant percentage of the records on the database contains working passwords.
The number of Spotify users reporting complaints about accounts being hacked has been growing. Playlists being deleted, new playlists appearing out of nowhere, and the like, but there’s never been any discernable pattern to these complaints. The discovery of the database on the Dark Web provides the missing puzzle piece and adds context to those complaints. Somehow, even though the company has reported no recent breaches, a large number of user records wound up on the Dark Web, and are actively being used by hackers around the world to cause mischief.
VPNMentor immediately notified Spotify about their discovery and the company took prompt action. Spotify forced a password reset on any account found on the database. So if you recently logged in and found that you were forced to change your password, now you know the reason why.
What could have been done?
It was a good move, and a safe move, but there’s more to this story. For more than a year now, Spotify’s users have been clamoring for two-factor authentication, and to date, the company has not seen fit to offer it. If it had been available, this never would have been an issue to begin with.
Spotify has a great track record of innovation and general responsiveness to its user base. The lack of 2FA stands out as a glaring black mark on what is otherwise an outstanding record. Here’s hoping the company remedies that soon. In the meanwhile, check your Spotify account and update your password. If you log in and are asked to update your password the database on the Dark Web is almost certainly the reason why. If you have any questions about our Dark Web scans or 2FA offings feel free to contact us, we are always happy to help!